Network Settings for Roon ARC app

Roon ARC works well both on mobile data and wifi unless I’m on wifi at work where my works firewall blocks the app.
Please advise as to the destination IPs, protocols and ports used by the app so that I can add firewall rules.
Thank you

@Tony_Kelt, welcome to the community. A fellow user here, but do you have the ability to configure your work firewall? ARC really is designed for the consumer/residential segment, while business firewalls typically prevent many of these services.

I am not sure a business firewall supports UPnP or could allow it to be activated (if this is even possible), or a specific port forwarding rule to allow a consumer application to pass through it to reach the public IP address of your home network. If a port forwarding rule could be implemented on your business firewall, it should match the port shown in Settings → Roon ARC, and point to the public IP address of your home network.

1 Like

@Robert_F, thanks for your reply.
I am lucky enough to be able to confirgure my works firewall and setup port forwarding rules as we use many services & apps with weird needs… I work in education.
Regarding the public IP of my home network, I’m in the UK and as far as I know most people (myself included) don’t have a fixed public IP. So any rule in my works firewall would have to be regularly changed.
I therefore presumed that the app touched in with Roonlabs servers to start the connection to my core because of this lack of fixed IP?
As a test I have added the app to a new device whilst at my partners home and this connects fine, so the app must surely be talking to Roonlabs first or how would it know where my core is? It’s the settings for this communication with Roonlabs that I’m looking for.
Kind Regards

Is your @Tony_Kelt core on your corporate network?
UPnP enabled on a corporate firewall/router?

If your core is not on your corporate network:
Why does your works firewall need to be reconfigured for outbound traffic and established inbound connection? This should work out of the box as this is how firewalls handle traffic.
ARC client is not weird or demanding from a networking perspective, only the port forwarding part needs to be configured correctly into the network where the core is.

My core is at home.
My works firewall needs configuring for all sorts of different connections. It is overly secure as it’s an educational system so locks down as much as possible for e-safety of the children.
uPNP is enabled.
I’m not 100% this is the problem but my ARC works everywhere else with zero problems leaving me to believe it is works firewall. This is why I’m asking for the destination IPs, protocols and ports used by the app. With this info I can add them to the firewall / troubleshoot further.

UPnP has nothing to do with this as his core is at home he just can’t stream using arc at work the app doesn’t rely on UPnP at all.

It’s likely that your corporate Wi-Fi has blacklisted Roons traffic as a potential security breach as its connecting to an unknown service on a specific port. Can you stream using Spotify, qobuz at work normally using their apps?

1 Like

I don’t stream so I wouldn’t know about other services but some staff use Spotify and many years ago I had to change the firewall rules to allow this. Spotify provided the destination IPs, protocols and ports used by their app and all was good.
I’m sure it’s the Roon traffic being blocked. However I can change the firewall, I just need to know the destination IPs, protocols and ports used by the Roon ARC app.

Is there anyone from @Roonlabs that can answer this query please?

Not official support, but, I will ping them for you @support.

Thank you @Rugby

Hi @Tony_Kelt,

If you don’t stream with Roon (Qobuz or Tidal), the only communication is happening with your core via your core’s IP address and the port designated within Roon>settings>Roon ARC.


ARC, after login, gets the public / routable IP of your core from Roon cloud service. This is discovered / updated every 4 hours. After that, ARC makes a TCP socket / connection directly to your core.

If your firewall needs outbound allow rules it is your Cores public IP:Port that needs to go into your FW. The port will be fixed but, as you stated, the IP may change and require updating the rule. You could also add any:arcPort if you want to open every IP to the ARC Port of your core.

ARC will not tell you the IP its using to connect to your Core. I’ve repeatedly asked for this to be exposed and here is another usecase where it would be helpful.

There are ways you can discover the IP of your core while away from home. Then you’d know what address to punch into your FW.

ARC Login = Google Cloud, I think its port 443. It looks like a web request. The IP range is vast. You probably already have other things opened for this range. oh, and DNS to resolve the FQDN of the login service but I assume this already is set-up.

ARC Service
IP = The public / routable IP of your home.
Port = The port in Roon → Settings → ARC (same one you set-up port forwarding at home)
Proto = TCP

That’s it. Single IP of your home. Single port configured on core.

edit: This is for local only. Streaming from Qobuz or Tidal, ARC will directly pull the stream from those services so they need to already be functional in their native apps.

Thanks @ipeverywhere.
Google Cloud is 100% open so it’s the connection to my core. Not gonna open up every IP to the ARC port of my core on works firewall.
Will approach my ISP and see how much to have a fixed public IP.


This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.