Am I to understand that you have a configuration something like:
Modem <------------> Non Private Router <-------------------> Private Router
                              |                                      |
                     Non Private network                      Private Network
or (if the Modem and the non-private router are the same device)
Modem / Non Private Router <-------------------> Private Router
                 |                                      |
        Non Private network                      Private Network
And that your Roon server is on the ‘Private Network’?
I am a little confused because you talk about a modem and two routers - but then you talk about port forwarding on the modem. Normally a modem is a bridge device and port forwarding is not relevant.
If either of these is the case, you only have two options:
- Use port forwarding on both routers
- Use a free Tailscale (or similar) VPN solution to configure a virtual private network with your Roon server and your ARC device in it.
Whilst, technically, the first solution is a security weakness into your private network, the weakness is exceedingly small. Whilst the ARC port would be open for any internet side computer to connect to, the security protocols on that port within the Roon Server itself will mean that bad actors are unlikely to be able to exploit the open port. In principle, there is less risk with explicit port forwarding on both routers.
In any event, in this scenario, UPnP cannot be used to set up the Roon port forwarding because it has no mechanism to open the port of the ‘non private router’ and the configuration checks on the ‘private router’ may well fail because of the presence of the ‘non private router’.
The second solution, Tailscale, now appears to be an officially sanctioned (I don’t know about supported - it still references a how-to in Tinkering) solution. See:
The post in tinkering referenced by the above announcement can be found at:
And finally, this references a help centre article on the use of Tailscale at:
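
The two-router case described in this post, as an added example that is not part of the original post: it classifies each router's WAN address to tell whether UPnP on the inner router can be enough, and lists the forwarding rule each router needs. All addresses, the router names and the port number are constructed placeholders, not values from the post or from Roon.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space


def classify_wan(addr):
    """Return 'private', 'cgnat' or 'public' for a router's WAN address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT:
        return "cgnat"
    return "public"


def upnp_sufficient(routers):
    """UPnP from the server only reaches the innermost router, so it is
    enough only when that router's WAN side is already a public address."""
    return classify_wan(routers[-1][1]) == "public"


def forwarding_possible(routers):
    """Manual forwarding needs a public address on the outermost router;
    behind carrier-grade NAT only an overlay VPN will work."""
    return classify_wan(routers[0][1]) == "public"


def forwarding_plan(routers, server_ip, port):
    """routers: list of (name, wan_ip), outermost first.
    Each router forwards the port to the next hop's WAN address;
    the innermost router forwards to the server itself."""
    rules = []
    for i, (name, _wan) in enumerate(routers):
        target = routers[i + 1][1] if i + 1 < len(routers) else server_ip
        rules.append((name, port, target))
    return rules


# Constructed sample topology (documentation and private address ranges).
ROUTERS = [("non-private router", "203.0.113.10"),
           ("private router", "192.168.1.2")]
SERVER_IP = "192.168.50.20"   # hypothetical server on the private network
PORT = 55000                  # placeholder port; use the one your server shows

if __name__ == "__main__":
    print("UPnP sufficient:", upnp_sufficient(ROUTERS))
    print("Forwarding possible:", forwarding_possible(ROUTERS))
    for name, port, target in forwarding_plan(ROUTERS, SERVER_IP, PORT):
        print(f"{name}: forward {port} -> {target}:{port}")
```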