My router has several VPN connections but the policy routing in place for my Roon server & client network ensures traffic only leaves my default WAN connection. I can break Wireshark out this evening after I've cleared some work and do some debugging to see what's going on as well.
Disabled Tailscale and problem solved! Now iPhone/iPad Roon Remote can instantly access MY Roon Server (Windows 11 desktop) without alien Roon servers being displayed.
What does this mean though … never to use Tailscale or any other VPN?
I would like to report a potentially serious security issue I have recently encountered.
While using the Roon app, I noticed that during the Core selection screen, I was able to see and even connect to Roon Cores that do not belong to me. These Cores appear to be hosted by other users who seem to be on the same ISP or network segment.
This raises a number of privacy and security concerns, as it may allow unauthorized access to another user’s private music library or system. I believe this may be related to incorrect filtering logic or insufficient access control when retrieving available Cores, possibly due to shared network identifiers such as public IP addresses.
disable VPN and this problem along with connecting to your own roon server via roon remote will go away!
looks like you are more secure without VPN!
I’ve merged your post into the existing thread on this issue. Roon Labs are investigating.
no, i’m not using a VPN
no, mine is on a private network, and not on VPN
No Tailscale for ARC, either?
What’s happening?
· Other
How can we help?
· None of the above
Other options
· Other
Describe the issue
Immediate Action Required: Roon Servers Publicly Exposed!
I’ve been notified by a friend that he discovered that all Roon Servers are currently exposed to the public, meaning anyone can take control of your server directly from the Roon app, without needing any login information.
Describe your network setup
It's irrelevant!!!
I’ve merged your post into the existing thread. Roon Labs are investigating the issue.
This is speculation and incorrect. In some instances, Roon is displaying multiple unauthorized servers. This does not mean your network is exposed to the internet; most likely, Roon’s cloud service is providing erroneous information.
However, for reassurance, you may use Shields Up! to check your network security.
Merging into the main thread …
You have to understand that not ALL consumers have the ability to understand this.
Especially when one can access other people’s Roon server without any credential.
I love Roon, but this is just far from normal.
But you can’t access their local network.
I’m kinda ■■■■■■ by you.
because I LITERALLY ACCESSED SOMEBODY ELSE’S SERVER! AND THIS ISSUE TERRIFIED ME!
I understand you are concerned, but please abide by forum etiquette. I am trying–and clearly failing–to reassure you that your network is not exposed to the Internet.
You are seeing Roon’s cloud presentation of another server.
This needs to be resolved, and Roon is aware of the issue and working on it.
The advice is clear: disable VPNs and/or shut down your Roon server.
Found that other than my own server on iMac, the connect page also shows other servers.
Upon connecting, some servers I can connect to without a password, and can then see the entire library and connected devices of that server (not mine).
What’s happening? Can other people connect to my server too?
I’m not sure I would technically agree with this statement. I demonstrated above in a screenshot that I could browse remote networks' file servers through the backup option. There's a lot of metadata available (trip places, dates, receipts, family member names, date of birth etc.) that alone makes me uncomfortable enough to have taken my own server offline.
I’m not convinced this is being handled appropriately. I’m on the fence but I don’t think this issue necessarily warrants taking the cloud service offline but an email to users advising this issue is being investigated, what the impact and risk is, and giving them info to decide for themselves how to proceed would have been appropriate.
Anyway, hoping for a quick resolution to this matter.
Although I can’t verify that tunes are actually playing, I appear to be able to control remote zones. I can select a device, set volume and play/pause etc.
What’s happening?
· See Other Roon User Library
How can we help?
· Advice why it's happening and if there is a Security issue
Other options
· Other
Describe the issue
I see other people's Roon Music Library on my Roon client. Is there a security issue on Roon's side? I don't think I should see other people's servers, and now I wonder if it happens the other way around, that other people see mine.
Describe your network setup
NUC, Eero 7 Pro
[redacted] removed since it contained email
I have merged your post with the main thread. Roon Labs are investigating the issue.