Is there any way to make my ARC work if my ISP doesn’t support port forwarding?
Yes, you can use Tailscale.
Setup is straightforward, but is dependent on what you use for Roon server and the mobile device.
Therefore, please let us know what you are using.
Very unfortunate… I’m using Nucleus+ currently so it doesn’t support Tailscale; I’ve to roll back to my previous ISP.
Unfortunately, only a more recent version of Roon OS, which uses UEFI boot, supports Tailscale. However, you can use Tailscale with another computer or NAS to achieve the same end.
How big is your library? Treat yourself to a Nucleus One if it’s <100k; get Tailscale and ARC. I think $500 still, pretty too.
Does the Nucleus One use a fan for cooling?
I don’t have a Nucleus One myself. I am using this small little NUC. It has a fan, but I have never heard it being used. I am running on Roon ROCK, which is pretty much the same software that Roon’s Nucleus servers are running on.
My NUC serves 3 streamers with volume leveling. And Roon ARC on my iPhone when I am at work. It supports Tailscale, but I don’t require it myself. 101k track library. And it runs 24/7.
I reckon the Nucleus One won’t require that much cooling itself. It does have a fan itself according to its product page. But as I don’t have a Nucleus I can’t be 100% certain.
It does have a fan, but reports here suggest it is silent. This was my experience with a NUC8i3BEH running Roon OS (ROCK).
Here I use Tailscale in conjunction with my GL-INET FLINT2 router’s port forwarding option.
What ISP are you using? Most of them allow port forwarding… here I have BT/EE Fibre.
That’s irrelevant since the OP’s ISP uses CGNAT, i.e., multiple homes are bundled on the same address.
Many of them allow port forwarding - including BT and EE. Unfortunately, due to IPv4 address exhaustion, there are an increasing number of ISPs that do not support port forwarding due to the use of CG-NAT.
For those whose ISP does not support port forwarding, a VPN tunnel solution such as Tailscale, Wireguard and others is the only solution. Of these, Tailscale is the one that Roon have chosen to support and thus is the recommended solution when port forwarding is not available.
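A quick way to tell whether a connection is behind CG-NAT, as an added example that is not from any poster in this thread: compare the WAN address the router reports with the address the internet sees. The function name, verdict labels and sample addresses below are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_SPACE = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
PRIVATE_SPACE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_wan(router_wan_ip, observed_public_ip):
    """Classify the IPv4 address the router shows on its WAN interface.

    router_wan_ip      -- read from the router's status page
    observed_public_ip -- address reported by an external "what is my IP" check
    Returns (verdict, forward_on_router_suffices).
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check covers IPv4 only")
    if wan in CGNAT_SPACE:
        # The ISP shares one public address between several customers.
        return ("cgnat", False)
    if any(wan in net for net in PRIVATE_SPACE):
        # The router sits behind another NAT device (modem/router combo or ISP).
        return ("double-nat", False)
    if wan != seen:
        # WAN looks public, but traffic leaves from a different address.
        return ("upstream-nat", False)
    # The router holds the public address itself: a forwarding rule reaches it.
    return ("public", True)


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    samples = [
        ("100.72.14.9", "203.0.113.40"),
        ("192.168.1.2", "203.0.113.40"),
        ("198.51.100.7", "203.0.113.40"),
        ("203.0.113.40", "203.0.113.40"),
    ]
    for wan, seen in samples:
        print(wan, seen, classify_wan(wan, seen))
```

Only the last verdict means a port forwarding rule on the home router is enough by itself; the others call for a tunnel such as Tailscale or a change further upstream.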
I haven’t come around to ARC before now. Additionally I have almost zero knowledge about networking, but heard from a guy-in-the-know(?) that port forwarding is not especially secure.
So my question is this: is Tailscale more secure than port forwarding? Will my private network be vulnerable if I use ARC?
I have a Roon ROCK (based on a NUC, 8th Gen I think) and instead of using a USB stick in my Tesla it could be nice to use ARC either to my iPhone or a spare Pixel 7a.
I would not say that port forwarding - at least as required for Roon ARC - is insecure. It is just not as secure as the use of a VPN tunnel solution such as Tailscale (and others).
Quite often, you see the statement that UPnP-based port forwarding is a security weakness. That is true if you have reason to not trust devices on your home network. However, if this is the case, then maybe you already have significant issues with the local network security. In any event, it is often not necessary to use UPnP (or NAT-PMP) to automatically configure port forwarding. Instead you can usually turn these two services off in your router and use manual port forwarding instead (this is what I do).
Tailscale is more secure than port forwarding, but limited port forwarding, as required by Roon ARC, is already pretty secure. It only exposes one port for one protocol (TCP) and any connection to that port is authenticated.
If you use Roon ARC with Tailscale, the risk to your home network is as secure as it can be made. By contrast, if you use Roon ARC with port forwarding, it is theoretically possible to mount an attack on your Roon Server (and from there to the rest of your home network). However, in practice, the risk is extremely small.
Is your NUC/ROCK server using RoonOS 2.0 (build 271)? If so you should have Tailscale support available.
However, if your NUC/ROCK server is running RoonOS 1.0 (build 259), then it cannot run Tailscale directly on the Roon Server machine. It is still possible to use a Tailscale solution but it involves the use of another (small) computer to run Tailscale as a subnet router. This additional computer also has to be left switched on in order to use ARC when away from home.
In the event that your NUC/ROCK server is running build 259, then it is likely that it will not be possible to upgrade the OS to build 271 by clicking on the ‘Reinstall’ button in the RoonOS WebUI. If this is the case, it will be because your NUC is configured to use BIOS boot. The BIOS boot mechanism is not supported by Roon OS 2.0.
It should be possible to re-build your NUC/ROCK Roon server by changing the Boot Mechanism from BIOS boot to UEFI boot (in the BIOS settings) and then re-flashing with a completely new install using the latest ROCK installer. It should be noted that this will re-format the OS disk/SSD in your NUC and so you will lose your Roon database and settings. Thus, a Roon database backup should be performed before re-installing ROCK (and possibly verified by restoring on a different (temporary) Roon server - running on a Windows or Mac computer) and restored after the ROCK reinstall.
Also, the ROCK installer does not install the latest version of RoonOS or the Roon Server application. Thus the first thing that you should do after installation is use the WebUI ‘Reinstall’ button to update to the latest version of both.
First of all I want to thank you very much for your detailed explanation - it is REALLY appreciated!
Yes my NUC/ROCK server is running RoonOS 1.0 (build 259). I will follow your suggestion and upgrade to v2.0. And thanks for reminding me (and others) to make a backup and test it before upgrading.
You can make ARC work without ISP port forwarding using:
- A Cloudflare Tunnel proxy via a side device
- A Tailscale bridge via another local machine
- A router with advanced networking features
Let me know your comfort level, and I’ll walk you through whichever option you prefer!
As I am using WireGuard connections between the FRITZ!Box and other devices, the setup is quite easy:
Works just fine - never had problems.
Torben
A massively overcomplicated solution to a trivial problem
How so?
Using a Wireguard service on the router is essentially the same as running a Tailscale subnet-router. Wireguard and Tailscale, along with other similar systems, provide the only available solution to providing ARC connectivity to a BIOS Boot RoonOS Roon Server with an internet connection provisioned using CG-NAT.
Although I have no need for it for ARC (I have a perfectly working port forwarding solution), I have used Wireguard on my router to give me secure remote access to my home network. It is both easy and effective.
I have used Wireguard on an ASUS router and, more latterly, an Opnsense router. On Opnsense, I could also have used Tailscale. Both are available. Both solve the issue. I just used Wireguard because I know it works.
The only unfortunate thing about using Wireguard instead of Tailscale is that it is not supported by Roon whereas Tailscale is - at least when installed on the Roon Server machine itself.
Sorry for the late reply, let’s start with the router?