Network Error 504 and Multiple NAT Found in Roon Status (ref#1ARJQ4)

Support ARC: Port Forwarding Help
1

Network Setup

· My only router was provided by my ISP

ARC Status

· ARC is *Not Ready*

Roon Error Code

· The ARC settings page says "Not Ready," but I can still connect to ARC via cellular data. I'm having another problem.

Describe the issue

this is the status error message….
{
"ipv6_connectivity": {"status":"NetworkError","status_code":504,"error":"error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined"},
"ipv4_connectivity": {"status":"NetworkError","status_code":504,"error":"error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined"},
"external_ip": {"actual_external_ip":"104.kkk.lll.mmm","actual_external_ipv6":"2600:aaa:bbb:ccc:ooo:rrr:sss:ttt","router_external_ip":"100.hhh.iii.jjj"},
"status": "status": MultipleNatFound
,
"natpmp_autoconfig": {"status":"NotFound"},
"upnp_autoconfig": {"server_ip":"192.168.40.1","found_upnp":true},
"multinat_autoconfig": {"status":"Failed","error":"Unknown Error code"}
}

Describe your network setup

bluestream
roon running on ubuntu
network devices provided by bluestream



{
"ipv6_connectivity": {"status":"NetworkError","status_code":504,"error":"error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined"},
"ipv4_connectivity": {"status":"NetworkError","status_code":504,"error":"error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined"},
"external_ip": {"actual_external_ip":"104.kkk.lll.mmm","actual_external_ipv6":"2600:aaa:bbb:ccc:ooo:rrr:sss:ttt","router_external_ip":"100.hhh.iii.jjj"},
"status": "status": MultipleNatFound
,
"natpmp_autoconfig": {"status":"NotFound"},
"upnp_autoconfig": {"server_ip":"192.168.40.1","found_upnp":true},
"multinat_autoconfig": {"status":"Failed","error":"Unknown Error code"}
}

2

The diagnostics you’ve provided suggest there is a redundant layer of network address translation preventing port forwarding.

This can either be at the local-network level (commonly as a result of two routers), or at the level of your service provider (in the form of carrier-grade NAT).

If your setup involves an ISP-provided gateway (modem/router combination) and your own third-party router:

  • In the web administration interface of the ISP-provided gateway (modem/router combination), enable Bridge Mode or equivalent, where the ISP-provided gateway does not have DHCP routing enabled.
  • Alternatively, if you have already created a manual port forwarding rule in your 3rd party router, you can add an additional rule to forward the port through the ISP/second router.

If you only have one router in your setup or your modem is already in Bridge mode, please take a look through our list of known router and internet service provider solutions, as other users may have already encountered the same situation: ISPs and Routers: List of Known Solutions and Workarounds

You can reach out directly to your service provider to ask if they support port forwarding; this question will often enough to prompt them to explain whether or not the carrier-grade NAT they’ve implemented can function with ARC.

More specifically, you can pass along the following questions:

  • Have you implemented carrier-grade NAT for my account level?
  • Have you fully implemented IPv6, or do you have IPv4 addresses available?
  • Can I request a static IPv4 address to support port forwarding?
  • Are there any ports you have reserved at the ISP level I should be aware of?

If you’re unable to locate an existing solution in our Support > ARC: Port Forwarding Resources subcategory, please reach out to the Roon support team and include the following information:

  1. What is the make and model of your modem and router?
  2. Do you have any additional network hardware, like additional routers or managed switches?
  3. Who is your internet service provider and what is your geographic region?
  4. Is your Modem configured in Bridge Mode so that it operates only as a modem or do you have the ports forwarded on both?
1 Like
3

In addition to all that @mjw has said, the router_external_ip address shown (obfuscated) as “100.hhh.iii.jjj” suggests that your ISP is using Carrier Grade NAT (CG-NAT) since ip address ranges in the range 100.64.0.0 to 100.127.255.255 are reserved for this purpose. This being the case, then there is little point in trying to sort out any local network issues with port forwarding as CG-NAT is incompatible with port forwarding.

The easiest way to confirm whether or not your ISP is using CG-NAT for sure, is to use a web browser to visit a site like whatismyip.com which will display the ip addresses (both ipv4 and, if enabled, ipv6) from which the connection to the web server was made. For ipv6, this will be an actual public ipv6 address associated with the device on which you are browsing the web. However, for ipv4, this will be the public address of the furthest upstream device that performs NAT. For CG-NAT connections, this will be the ISP gateway. For non CG-NAT connections, this will be the WAN side ip address of your router.

Thus, if the IP address shown by whatismyip.com matches the external IP address shown on your routers web admin pages, then your ISP is not using CG-NAT. If the two IP addresses are different, then your ISP is using CG-NAT.

Are you are already using a VPN solution such as Tailscale or Wireguard to provide local network access from your phone/tablet when connected on cellular (or any non-local WiFi hotspot). If this is the case, then you can safely ignore the ‘Not Ready’ status because it is relevant only to port forwarding connections and you are not using port forwarding.

2 Likes
4

Thankyou, Oram. It looks very much like Bluestream is using CG-NAT…

Now to find a way around that.

5

Good day @Phil_Kemp !

What @mjw and @Wade_Oram are saying is quite exhaustive.

If you don’t have other router in your house you’d need to talk to your ISP and ask them for a static address.

If that is not possible or you don’t want it, you can still use it with VPN.

For example, you can use TailScale. Instruction can be found here.

Let us know please should you have more questions.

Regards.

6

I thought you must already have a solution because said you could connect via cellular data.

If that is not the case then the ‘Tailscale’ link I posted above will describe a solution. That link takes you to a page which describes the solution in general and, on the right hand panel, provides links to setup instructions for different Roon Server setups.

The only Roon Server setups not addressed are those using the original Nucleus and Nucleus Plus devices and some ROCK devices that use BIOS boot however you state that your Roon Server is on an Ubuntu machine so the instructions you want will be:

7

ok… coffee’s on. i’ll let you know how it goes!

8

ok, I have it working with tailscale…is there a link to how to manage the vpn with roon accessible? at the same time arc is accessible….

9

As far as I’m aware (I don’t use Tailscale), for normal use of Roon at home you disable the Tailscale tunnel on the mobile device and for remote access using Roon you enable it.

On the Roon Server, the Tailscale VPN tunnel is always available.

In the past, I have experimented with wireguard which works in a similar manner. The Android wireguard app (not sure about IOS for iPhone/iPad devices) allows you to configure the tunnel to be used only by certain apps so you could configure it to be used by ARC only and the normal Roon client would not use the tunnel and thus work normally even with Wireguard enabled on the phone.

There may be a similar feature in the Tailscale app. If so, you could use that in the same way. That would avoid having to enable and disable the Tailscale tunnel all the time.

10

Hello @Phil_Kemp,

Thanks for the detailed diagnostics and for confirming the results.

Based on the information you shared, this setup is definitively behind Carrier-Grade NAT (CG-NAT):

  • The router_external_ip is in the 100.64.0.0/10 range, which is reserved for CG-NAT.
  • This makes port forwarding impossible, regardless of router or UPnP configuration on your side.

The fact that ARC could connect from cellular data indicates that you already had (or later enabled) an overlay connection path (such as VPN/Tailscale). In this case, the ARC status page will still show Not Ready because that status applies only to direct port-forwarding connectivity, which CG-NAT prevents.

There are only two viable approaches with CG-NAT:

  1. Request a public / static IPv4 address from your ISP
    If Bluestream can provide this, ARC can use standard port forwarding and the status page will show Ready.
  2. Use a VPN-based solution (recommended and fully supported)
    Tailscale is a good choice and works well with ARC on Linux-based RoonServer systems, including Ubuntu.

You’ve already confirmed that ARC is now working via Tailscale — that means the core problem is resolved.

Managing Roon vs ARC with Tailscale:

  • On the Roon Server, Tailscale should remain enabled at all times.
  • On your mobile device:
    • Disable Tailscale when you’re at home and using regular Roon control.
    • Enable Tailscale when you’re outside the home and using ARC.
  • Some VPN clients allow per-app routing (ARC-only). If available in your Tailscale client, this can avoid manual toggling, but it’s optional.

Glad to hear you’ve got it working — and enjoy the coffee :hot_beverage:
If you have further questions about ARC or remote access, feel free to ask.

11

thanks… coffee was good! the fact that arc is now working, even better..

12

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.

13

Hello @Phil_Kemp

Thank you for the update. Enjoy your music!