Remote connection via VPN - [Resolved] but ongoing discussion

I made my home network a different subnet than what I’d usually see anywhere I might want to use my VPN. Mom’s, gym, etc. If it makes you feel any better, I cannot for the life of me get my iPad to VPN in, but my iPhone works perfectly.

I think what he meant is that the devices that VPN in, get assigned an IP address in a different subnet than when you are on the local network without the VPN. He is not referring to IP addresses of the network from which you VPN.

I think I understand now Bart, thanks. My VPN server lets me assign a range where the first three numbers are the same and I use .20 thru .30 for the VPN range. Not sure if any of this is relevant, just trying to help.

That explains why it is working for you. Roon doesn’t work across subnets (or at least not out of the box). In your case the router assigns the devices that VPN in an IP address in the same subnet. Hence why it works for you.

Yep, as I suspected! Nice that you’re able to get in on the same /24 subnet. Strange it’s not working for you on your iPad. Any chance you’re running a really old iOS version on your phone?

news on this side:

1 Like

Core Machine (Operating system/System info/Roon build number)

Imac 2005

Network Details (Including networking gear model/manufacturer and if on WiFi/Ethernet)

Sky

Audio Devices (Specify what device you’re using and its connection type - USB/HDMI/etc.)

Pi , Allonboss
Onkyo 8150
Music on Synology Nas

Description Of Issue
Not too sure where to put this question.

So frustrated that there is no news on any mobile streaming, would be awesome if this could be possible… Most of my music listening I’m away from home… And I see I’m not alone with that… Any news!

Firstly , I understand that VPN isn’t officially supported.

So whilst I patiently wait for a streaming solution, I’m trying to get a remote VPN connection, and looked at many conflicting and confusing ideas, on here.

My iMac is running the core… My music is on a Synology NAS, and I’m trying to stream over 4g to my Android 6t.

I have installed open VPN on my NAS…
With WiFi on, and VPN, I can see and control the core, but can’t get Android to play as an end point, it is seen, but fails to play audio, just skips through album covers in the queue.

With VPN disabled, all is good, and phone works as an end point.

With VPN on, and over 4g, can’t see core, and get enable WiFi notification in the roon app.

I can ping the core server.

Core can’t see phone.
………
Questions.

I see people mentioning using openvpn, and setting it into bridge mode… How?

Is the issue due to the VPN giving me a differently grouped IP address compared to the LAN, i.e. 192.168.1.x for core and 192.168.2.x for phone?

How do you get past the “enable WiFi” screen?

Really need to get this to work…

Must say, new to Roon, so impressed!

Many thanks

There is a whole thread on this in #tinkering so I expect someone will move this over to it here Remote connection via VPN - [Resolved] but ongoing discussion

1 Like

Are you using the Ubuntu Server or desktop?

Just the desktop version. 18.04 LTS.

Note unless I have a very good internet connection remotely, it’s not very reliable as other people have stated. I don’t believe there’s any way around this unless some kind of local buffering is introduced by Roon.

1 Like

As mentioned before, the key issue is that Roon and iOS should be in the same subnet.
I set up a VPN server on Synology and used L2TP/IPsec for the VPN connection. You also need to fix the IP assignment issue in the VPN configuration.

Here is what I changed in the config file.
Modify the IP range in this file:
–>/usr/syno/etc/packages/VPNCenter/l2tp/xl2tpd.conf
Modify this line:
–>ip range=172.16.1.x-xx (change to your non-conflicting IP range in the Roon subnet)

Restart the VPN service and iOS/MacBook can stream from Roon via VPN.
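A way to sanity-check a VPN address pool before editing the config, as an added example that is not from any poster in this thread. The function name, the DHCP range and the Core address are assumptions made up for the illustration; only the .20 to .30 pool and the 10.8.0.0/24 tunnel subnet come from posts on this page.

```python
import ipaddress

def check_vpn_pool(lan_cidr, pool_first, pool_last, dhcp_first, dhcp_last, static_hosts=()):
    """Return a list of problems with a VPN client address pool (empty list means OK)."""
    lan = ipaddress.ip_network(lan_cidr)
    first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    dhcp_lo, dhcp_hi = ipaddress.ip_address(dhcp_first), ipaddress.ip_address(dhcp_last)
    if first > last:
        return ["pool start is above pool end"]
    problems = []
    # VPN clients must be addressed inside the LAN subnet to share it with the Core.
    if first not in lan or last not in lan:
        problems.append(f"pool {first}-{last} is not inside {lan}: "
                        "clients would sit in a different subnet from the Core")
    elif first == lan.network_address or last == lan.broadcast_address:
        problems.append("pool contains the network or broadcast address")
    # Two servers handing out the same address produces duplicate-IP conflicts.
    if first <= dhcp_hi and dhcp_lo <= last:
        problems.append(f"pool overlaps DHCP range {dhcp_lo}-{dhcp_hi}")
    for name, addr in static_hosts:
        if first <= ipaddress.ip_address(addr) <= last:
            problems.append(f"pool contains static host {name} ({addr})")
    return problems

if __name__ == "__main__":
    # Constructed values: DHCP range and Core address are assumptions.
    dhcp = ("192.168.1.100", "192.168.1.200")
    static = [("roon-core", "192.168.1.10")]
    # Pool inside the LAN subnet, clear of DHCP and static hosts.
    print(check_vpn_pool("192.168.1.0/24", "192.168.1.20", "192.168.1.30", *dhcp, static))
    # Routed pool in a separate subnet.
    print(check_vpn_pool("192.168.1.0/24", "10.8.0.2", "10.8.0.50", *dhcp, static))
```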

Just to add my environment if it helps in some way.

Mac/iOS on the same subnet
Router: RTX1210 (VPN=L2TP)

I was able to play on my iOS devices over WiFi/Cellular, but since version 1.6, playback on iOS devices does not work (still those devices can find the Core and work properly other than playing on iOS devices).

So, I believe that the problem is related not only to the subnet, but also to the ports used for the RAAT protocol.

Ouch - same here. VPN no longer working to play on remote iOS devices since build 416 - which is the only reason to use VPN, really :frowning:

Here the same :frowning: no iOS play anymore. Somebody??? Any luck? Here is my story: same IP range, same netmask … worked like a charm … now not anymore
Thu May 23 15:55:43 2019 : sent [CHAP Success id=0xc9 “S=CA74B51405A53243966A0F4E212FA18AE0CFDFB4 M=Access granted”]
Thu May 23 15:55:43 2019 : CHAP peer authentication succeeded for vpnuser1
Thu May 23 15:55:43 2019 : DSAccessControl plugin: User ‘vpnuser1’ authorized for access
Thu May 23 15:55:43 2019 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.221>]
Thu May 23 15:55:43 2019 : sent [ACSCP ConfReq id=0x1]
Thu May 23 15:55:43 2019 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
Thu May 23 15:55:43 2019 : ipcp: returning Configure-NAK
Thu May 23 15:55:43 2019 : sent [IPCP ConfNak id=0x1 <addr 192.168.1.134> <ms-dns1 192.168.1.221> <ms-dns3 192.168.1.221>]
Thu May 23 15:55:43 2019 : rcvd [IPV6CP ConfReq id=0x1 ]
Thu May 23 15:55:43 2019 : Unsupported protocol 0x8057 received
Thu May 23 15:55:43 2019 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a c8 e7 a9 00 2f b6 0a 0c]
Thu May 23 15:55:43 2019 : rcvd [LCP ProtRej id=0x2 82 35 01 01 00 04]
Thu May 23 15:55:43 2019 : rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.221>]
Thu May 23 15:55:43 2019 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.134> <ms-dns1 192.168.1.221> <ms-dns3 192.168.1.221>]
Thu May 23 15:55:43 2019 : ipcp: returning Configure-ACK
Thu May 23 15:55:43 2019 : sent [IPCP ConfAck id=0x2 <addr 192.168.1.134> <ms-dns1 192.168.1.221> <ms-dns3 192.168.1.221>]
Thu May 23 15:55:43 2019 : ipcp: up
Thu May 23 15:55:43 2019 : found interface en0 for proxy arp
Thu May 23 15:55:43 2019 : local IP address 192.168.1.221
Thu May 23 15:55:43 2019 : remote IP address 192.168.1.134
Thu May 23 15:55:43 2019 : Received protocol dictionaries
Thu May 23 15:55:43 2019 : Received acsp/dhcp dictionaries
Thu May 23 15:55:43 2019 : Committed PPP store
Thu May 23 15:55:43 2019 : Received acsp/dhcp dictionaries
Thu May 23 15:55:43 2019 : Committed PPP store
Thu May 23 15:55:43 2019 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.1.221), current interface setting (name: ppp0, family: PPP, address: 192.168.1.221, subnet: 255.255.255.0, destination: 192.168.1.134)

My iphone play via VPN is still working. L2tp on a Synology Nas using Synology VPN server and iOS standard VPN connection

Hi,
This is only my 2nd post in the ROON community so be patient with me…
I have spent a few weeks tinkering with my 2 Roon ROCK NUCs. I decided to convert both to LINUX Boxes and installed the latest Debian version. I subsequently installed OpenVPN on the same box to attempt to get ROON to talk to my iphones while on the road…

I found the way to set this up with 2 OPENVPN interfaces running on the ROON Box at the same time; one for TUN and one TAP. My laptop uses the bridge and my iPhone the tunnel. I can now say that both work. I can access all my devices, surf the Internet AND use the ROON remote. I previously posted only a snapshot on how to do this, but since it is working so well, I include below the various configuration files on how to get this done; hopefully, some of you may find it useful.

DD-WRT LAN Router w/ 192.168.0.1 Gateway
Roon Server on Intel NUC with Debian Linux
OpenVPN Server on NUC Roon Box with br0 @ 192.168.0.2
TAP interface through 192.168.0.2
TUN interface through 10.8.0.1

/etc/network/interfaces – setting up permanent bridge – br0
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback

/etc/network/interfaces.d/br0 – br0 configuration file
auto br0
iface br0 inet static
address 192.168.0.2
broadcast 192.168.0.255
netmask 255.255.255.0
gateway 192.168.0.1
dns-nameservers 192.168.0.2 192.168.0.1 8.8.8.8
bridge_ports eno1
bridge_fd 9
bridge_hello 2
bridge_maxage 12
bridge_stp off
bridge_prio 1000
pre-up /bin/sh /etc/firewall/enable.sh

/etc/firewall/enable.sh iptables firewall shell script – android devices to stay attached to ROON
#!/bin/sh

# IGMP / Broadcast - required by Roon

iptables -A INPUT -s 224.0.0.0/4 -j ACCEPT
iptables -A INPUT -d 224.0.0.0/4 -j ACCEPT
iptables -A INPUT -s 240.0.0.0/5 -j ACCEPT
iptables -A INPUT -m pkttype --pkt-type multicast -j ACCEPT
iptables -A INPUT -m pkttype --pkt-type broadcast -j ACCEPT

# Roon

# Core

iptables -A INPUT -s 192.168.0.0/24 -p udp --dport 9003 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p tcp --match multiport --dports 9100:9200$

# Web Controller

#iptables -A INPUT -s 192.168.0.0/24 -p tcp --dport 8080 -j ACCEPT

/etc/openvpn/bridge/bridge-start
#!/bin/bash
############################################
# Open tap0 OpenVPN bridge - Bridge tap0 with br0
# Requires: bridge-utils
############################################
openvpn --mktun --dev tap0
brctl addif br0 tap0
ifconfig tap0 0.0.0.0 promisc up
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT
ifconfig br0 0.0.0.0 promisc up
ifconfig br0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255

/etc/openvpn/bridge/tunnel-start
#!/bin/bash
######################################################
# Open tun0 OpenVPN tunnel
# iptables for traffic between 10.8.0.0 subnet and main gateway
# Requires: bridge-utils
######################################################
openvpn --mktun --dev tun0

# Allow traffic initiated from VPN to access LAN

iptables -I FORWARD -i tun0 -o br0 -s 10.8.0.0/24 -d 192.168.0.0/24 -m conntrac$

# Allow traffic initiated from VPN to access “the world”

iptables -I FORWARD -i tun0 -o br0 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j$

# Masquerade traffic from VPN to “the world” – done in the nat table

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE

# Masquerade traffic from LAN to “the world”

iptables -t nat -I POSTROUTING -o br0 -s 192.168.0.0/24 -j MASQUERADE

/etc/openvpn/server1.conf – configuration file - TUN
port 1194
proto udp4
dev tun
client-to-client
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "route 192.168.0.0 255.255.255.0"
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option DNS 192.168.0.2"
duplicate-cn
keepalive 10 120
cipher AES-256-CBC
auth SHA256
tls-auth ta.key 0 # This file is secret
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
persist-key
persist-tun
status /var/log/openvpn/openvpn-status-server1.log
verb 3
explicit-exit-notify 1
#writepid /run/openvpn/server1.pid
auth-nocache

/etc/openvpn/server2.conf – configuration file - TAP
port 1194
proto tcp4
dev tap0
client-to-client
ca ca.crt
cert server.crt
key server.key
dh dh.pem
server-bridge 192.168.0.2 255.255.255.0 192.168.0.3 192.168$
push "route 0.0.0.0 0.0.0.0 192.168.0.2"
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option WINS 192.168.0.2"
duplicate-cn
keepalive 10 120
cipher AES-128-CBC
auth SHA256
tls-auth ta.key 0 # This file is secret
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
persist-key
persist-tun
status /var/log/openvpn/openvpn-status-server2.log
verb 3
auth-nocache

client1TUN.conf – configuration file
client
dev tun
proto udp4
remote whateverservername 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tls-auth ta.key 0
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
remote-cert-tls server
cipher AES-256-CBC
auth SHA256
auth-nocache
verb 3
key-direction 1



Client2TAP.conf – configuration file
client
dev tap
proto tcp4
remote whateverservername 1194
resolv-retry infinite
nobind
persist-key
persist-tun
tls-auth ta.key 1
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
remote-cert-tls server
cipher AES-128-CBC
auth SHA256
auth-nocache
verb 3
key-direction 1



Configure OpenVPN startup

/etc/systemd/system/openvpn/openvpn-server-bridge@.service
[Unit]
Description=OpenVPN server %i
Wants=syslog.target
Requires=network.target
After=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
Documentation=https://www.aaflalo.me/2015/01/openvpn-tap-bridge-mode
[Service]
PrivateTmp=true
Type=forking
PermissionsStartOnly=true
RuntimeDirectory=openvpn
ExecStartPre=/etc/openvpn/bridge/bridge-start
PIDFile=/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --status /run/openvpn/status-%i.log --status-version 2 --config %i.conf --daemon --writepid /run/openvpn/%i.pid
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
[Install]
WantedBy=multi-user.target

/etc/systemd/system/openvpn/openvpn-server-tunnel@.service
[Unit]
Description=OpenVPN tunnel server %i
Wants=syslog.target
Requires=network.target
After=network-online.target
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
Documentation=https://www.aaflalo.me/2015/01/openvpn-tap-bridge-mode
[Service]
PrivateTmp=true
Type=forking
PermissionsStartOnly=true
RuntimeDirectory=openvpn
PIDFile=/run/openvpn/%i.pid
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --status /run/openvpn/status-%i.log --status-version 2 --config %i.conf --daemon --writepid /run/openvpn/%i.pid
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
[Install]
WantedBy=multi-user.target

STARTUP routine
Regular Roon Server Install
For OpenVPN startup, I enter both into systemctl

sudo systemctl start openvpn-server-bridge@server2.conf
sudo systemctl start openvpn-server-tunnel@server1.conf
sudo systemctl enable openvpn-server-bridge@server2.conf
sudo systemctl enable openvpn-server-tunnel@server1.conf

DD-WRT Router – Add Port Forwarding to ROON Server running Linux
DD-WRT Router – Static Route to OpenVPN tun0 LAN

2 Likes
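The two server configs in the post above share several settings worth reviewing before port 1194 is forwarded from the internet. This added example (not part of the original post and not an OpenVPN tool) flags them in an excerpt of the posted server2.conf and compares it with a constructed hardened variant that assumes OpenVPN 2.4 or later; the finding codes and function names are made up for the illustration.

```python
import re

# Excerpt of directives from the post's server2.conf (curly quotes as on the page).
POSTED = """\
dev tap0
client-to-client
push “dhcp-option DNS 192.168.0.1”
duplicate-cn
cipher AES-128-CBC
tls-auth ta.key 0 # This file is secret
tls-cipher TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
"""

# Constructed hardened variant of the same excerpt (assumes OpenVPN 2.4 or later).
HARDENED = """\
dev tap0
push "dhcp-option DNS 192.168.0.1"
cipher AES-256-GCM
tls-crypt ta.key
tls-version-min 1.2
user nobody
group nogroup
"""

def parse(text):
    """Return {directive: [argument strings]}, ignoring blank lines and comments."""
    out = {}
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).strip()
        if not line or line[0] in "#;":
            continue
        name, _, args = line.partition(" ")
        out.setdefault(name, []).append(args.strip())
    return out

def audit(text):
    """Return sorted finding codes for an OpenVPN server config."""
    d = parse(text)
    args = lambda name: [a.upper() for a in d.get(name, [])]
    checks = {
        "duplicate-cn": "duplicate-cn" in d,          # one cert, many concurrent sessions
        "client-to-client": "client-to-client" in d,  # inter-client traffic skips iptables
        "cbc-data-cipher": any(a.endswith("-CBC") for a in args("cipher")),
        "cbc-tls-cipher": any("CBC" in a for a in args("tls-cipher")),
        "no-tls-version-min": "tls-version-min" not in d,
        "no-privilege-drop": "user" not in d or "group" not in d,
        "curly-quotes": any(c in a for v in d.values() for a in v for c in "“”"),
    }
    return sorted(code for code, hit in checks.items() if hit)
```

`audit(POSTED)` reports all seven codes and `audit(HARDENED)` reports none; whether Roon still behaves as described with `client-to-client` removed is not tested here.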

Can anyone tell me if WireGuard works? Could you give me a tip (I don’t want to use openvpn)

Thank you very much to everyone

1 Like

Hi @Nepherte,
Did you ever get your VPN working in the end?
I feel close, IPs on same subnet, IGMP enabled. It even works if I run the ios app on wifi then switch to 4g/vpn.
So frustrating… :confused:

I only got my setup working up to the point where I can:

  1. connect with my iphone to my core over VPN,
  2. and control other end points from my iphone over VPN

but not:

  1. use the iphone as an end point itself over VPN

I sorta gave up as I didn’t want to dabble around and set up special rules on my router. I guess it has something to do with certain multicast messages not arriving where they are supposed to arrive. Also, my VPN is on a different VLAN which further complicates things.

I’ll just wait for official support from Roon, if that ever happens, and even then, I might just keep using the Tidal app as the convenience factor is quite high there (e.g. download albums for offline usage).

The reason why it works when trying it first on wifi, then switching over to VPN, is that there seems to be an issue in iOS where using VPN doesn’t kill any existing connections made prior to using VPN.