CORE Machine: Intel NUC - 12th Gen Intel(R) Core™ i7-1260P 2.10 GHz 16.0 GB
Windows 11
Who is your internet service provider?
Starlink
Please list the make and model of your modem and router?
ASUS RT-AC88U / asuswrt-merlin
Do you have any additional network hardware, like additional routers or managed switches?
Various unmanaged switches, though the core NUC is hardwired to the router
Does your network have any VPNs, proxy servers, or enterprise-grade security?
Yes, Proton VPN running on the NUC to use ARC because of Starlink using CG-Nat
Connected Audio Devices
2 Blusesound PowerNodes (hardwired)
3 Bluesound Nodes 2 Hardwired, one wifi)
1 Linn Selekt DSM (hardwired)
Description of Issue -
What is the exact port forwarding error message you see in the Roon Settings → ARC tab?
I understand that technically Roon doesn’t support VPN’s but it does seem they sort of been more or less accepted to use with ARC, as things get ironed out - Arc was working well prior to the new build with the VPN, and I was wondering if there could be anything with this new build that could be causing this behavior - Or, should I be looking elsewhere - Thanks!
i did notice that now the core and remote have been split, they are at different builds, but maybe that’s correct?
You are running an Early Access core and a Production remote. Did you ever install it this way or did this just happen? It shouldn’t and this would certainly be a @support topic if it did.
Normally you should run either earlyaccess or production everywhere, not mix them - this may or may not work at any given time. Changing is described here:
As for the VPN, as you wrote this is not supported. I’m not moving the topic to #tinkering though, leaving @moderators to decide this
I noticed you’re a Starlink user, so your perception of a gray area around official support for VPNs with ARC is totally understandable. Here’s the situation and what the team can offer to help out:
Starlink offers their their users an IPv4 external address with carrier-grade network address translation (CG-NAT). CG-NAT won’t work with ARC, which has forced the majority of users to rely on VPNs such as TailScale over in #tinkering.
The majority of Starlink users also have an external IPv6 address - in simple network setups and with proper prefix delegation on the part of the ISP, ARC will function on an IPv6 network. However, Starlink’s implementation is not playing well with Roon at the moment, and we have an open ticket to investigate. See here: Starlink IPV6 Roon ARC and here: ARC With Starlink & Ubiquiti UniFi Dream Machine [Roon Investigating]
The diagnostics you’ve presented suggest that your VPN is presenting an external address to the Roon Core, but that the request to ARC times out before reaching your phone. While we don’t officially support VPNs, given the circumstances with Starlink, I have a few suggestions:
Verify whether the VPN has any ports it has reserved and make sure that the port assignment in Roon → Settings → ARC isn’t among them
I’d make sure your router similarly hasn’t changed port reservations due to an automatic update
Try a different VPN.
Keep an eye on the Starlink threads above, as the team is investigating this issue actively. Note that if we determine the problem is with Starlink, our hands are tied, but we are determined to help Starlink users gain access to ARC out-of-the-box and on-the-go.
Thanks Conner & Suedkiez,
I’ve been following the Starlink threads - AS I mentioned, ARC was working great with the VPN prior to the new build (1310) is it possible with the new build which split the core and remote, that for folks running early access, that it simply added the the ‘standard’ remote build (not the early access version) on the the core? - or is that crazy talk? Should those 2 build numbers in the second screen shot be the same?
something else to keep in mind about Starlink and those who have been moved to Ipv6 is, not everyone has been receiving a static Ipv6 IP - I know some have mentioned that theirs hasn’t changed, but for many, the IP changes often… This is one of the main reason I’ve been using a VPN thanks for your help!
Hey, I’m circling back to this issue - I’ve installed the latest build of the Server and Remote and still experiencing issues with ARC over the VPN - This was working fine prior to installing the new build 1310.
I do have a question - the screenshot below is from the machine running the Server: (the VPN is not on or running)
what does the 127.0.0.1 represent? That isn’t the IP of the server machine…
The 127 address you’ve referenced is the loopback address for that computer, also known as localhost. It’s for self-pinging diagnostics to and from the router and is likely unassociated with your VPN and Roon.
When we introduced SSO to earlyaccess, Cores and Remotes on different branches would have encountered authorization failures, since any earlyaccess devices would be authorizing through SSO. SSO is now funneling authorizations through a single service, rather than separately from each device. Thus, any authorizations in ARC are taking a different (and much safer) route to reach Roon’s servers. It’s unfortunately not surprising that a VPN configuration that functioned before SSO would not function with the new authorization pathway.
To eliminate the possibility that any cached authorizations or residual failures from the build mismatch are occurring here, try uninstall the production build of Roon from the Remote and placing your entire ecosystem on earlyaccess.
Thanks Conner - I think you may be on to something - all my remotes are at 1310 earlyaccess - My Server is at 1310 earlyaccess as well. The ARC connection is still not working - However, I tried logging out and back in of my Roon account from machine that the Server is on and get this progression:
hit ‘Connect’
Hit ‘Login’
Chose my account and then get this:
after this nothing happens -clicking the link doesn’t do anything… I tried from another PC running Remote with the same result - I next tried it from my phone (Android) and was successful - However, the ARC port forwarding with the VPN still didn’t work. Could something be messed up with my login or how I’m authorizing ?
