Remote connection via VPN - [Resolved] but ongoing discussion

I think you are really asking two questions:

(1). How can I VPN in to my home Roon Server.

Answer, at the moment Roon does not support this. Some other users may have gotten something running and they might be able to offer insight.

(2). Can I play music from Roon on my iOS device, iPad or iPhone.

Answer, at the moment Roon does not stream music to iOS devices. This is due to issues with Apple’s OS, the framework Roon uses and some other issues. There are several threads detailing this if you care to search, here is one example:

Thank you Daniel,

I did not find this issue in the feedback thread you linked under 2).
But this is an understandable reason.

VPN probably would not be an issue for me, because I already was successful when trying it.
I have a Fritz!Box and its VPN is working fine with Roon.
Without being able to use the iPhone as a playback device, I just do not have a use case for VPN at the moment.

We will see what will happen :blush:

Except you can use iOS as a playback device now. It’s a new feature in 1.4. So if VPN is working we just need to identify why Roon won’t connect across it. I suspect it will be a port forwarding rule combined with a manual server entry on the client - possibly the discovery protocol could be made to work also but it’s secondary. I will have a go at this some time soon as it gets around the lack of Roon mobile capability while I’m on wifi.

iOS and Android don’t allow bridge based VPN like OpenVPN TAP. Regular VPN creates a different network segment and routes data between, the server endpoint discovery won’t traverse across network segments.

Yep, was on mobile device before so couldn’t search so easily, I now understand it’s a broadcast RAAT connection from the server to the iOS device which won’t work across VPN. So it’s a dead duck and we wait for mobile support. The unfortunate part about this is that it means homes with multiple subnets (i.e. WiFi on a different subnet) won’t work either. I used to have mine like this and had to change it solely for Roon. Would have preferred not to for security reasons, but oh well.

When using OpenVPN it works fine (both for access to the Roon Server as well as streaming music), but you have to make sure to use TAP mode (bridging mode). It won’t work using TUN mode (routing mode).
Unfortunately iOS does not support TAP, so you can’t simply VPN from your iOS device. However, if you have a laptop or some other non-iOS device you should be able to set up VPN with TAP mode.

I was able to get streaming to work on my iPhone from remote (foreign Wifi and LTE) using SoftEther (free) largely following this link:

On the iOS side, nothing is needed but the built-in L2TP client. I am presently on 11.2.5 iOS, however, I recall the L2TP client having been available on iOS for a very long time.

Caveat: I do systems for a living and I already had a Linux VPN/router on which I was running OpenVPN (not needed, but things like IP forward were already on, etc.), so a lot of the groundwork was already laid.

If there is sufficient interest here, I will write a mini howto, but I’d only be versed in the Linux (non-GUI) variant.


Interesting, is SoftEther allowing the iPhone to bridge to your network or is it doing something special with the broadcast data from Roon Core?

I would have to dig deeper into L2TP to answer that question. It definitely streams data from my home Roon core over LTE (wifi off) to my iPhone, however.

I’m guessing the OpenVPN limitation is in the TAP driver they rely on for bridging, and not so much iOS itself; just a guess, however.

I see mention of L2 support in SoftEther overview.

Also, I’ll throw out that setting up the rules for AH, GRE, ESP, ports 500, 4500, and 1701 UDP can be very tricky to configure to allow through at the consumer gateway level, too, whereas OpenVPN typically wants 1194/UDP.

It’s do-able, but dealing with the customer gateway is a big pain.

What I did for my Linux router was make it a DMZ host to pass through all traffic, and I do my security at the iptables level.

At the gateway level, firewall is disabled, the DMZ is my Linux router, and there are no custom port forwarding rules configured at the basic configuration screen (caveat for advanced screen is below):

Under advanced, you want these port forwarding rules enabled:

I guess I never thought about it, but the ‘L2’ in ‘L2TP’ prolly means layer 2. :slight_smile:

I’m using the OpenVPN iPhone client to VPN in to my Netgear R8000. The connection from my phone ends up in a different subnet than the OS X host running Roon Core on my local network. I have the same issue as everyone else where Roon can’t seem to find the Core. Interestingly, when I’m home, if I connect the VPN, then enable WiFi on my phone, the VPN connection pauses, Roon connects to Core, then if I disable WiFi, the VPN connection resumes and Roon continues working just fine over the VPN connection. I’m able to browse, stream to phone etc. So, Roon can’t “find” the core over VPN, but if it’s already connected, it happily continues to function over a VPN TUN link.

I agree this should work over OpenVPN. The L2TP/SoftEther solution I found is a bear to implement and isn’t an option for people with hardware devices such as yours.

Update: after enabling IGMP Proxying on my router, Roon discovers the core and works perfectly.

Minus the ability to playback on the Roon remote.

I’m definitely able to playback on the Roon remote (my iPhone) over a VPN connection.

That’s new and the first time I’ve heard of it working with OpenVPN TUN.

On my system where I use iOS VPN to connect to my home network, I find that when I am on cellular service, Roon connects and plays fine. However, if my iOS device is connected via WiFi, even though VPN is connected (and things like RDP work), I can’t see Roon. I think this has to do with being on different subnets. Any way to solve this problem?

I just switched back to TUN with IGMP proxy enabled and I can’t find the cores from the remote, never mind the core finding the RAAT endpoint. Asus router.
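
Earlier in the thread a Linux router is placed in the gateway's DMZ with filtering done in iptables, and the VPN protocols and ports involved are listed. As an added example (not from any poster in this thread), here is a default-deny ruleset generator for such a router. The interface names and the use of the kernel IPsec stack (needed for the `policy` match) are assumptions.

```shell
#!/bin/sh
# Added example: default-deny ruleset for a Linux router that is the DMZ host
# behind a consumer gateway and terminates L2TP/IPsec and OpenVPN.
# Assumptions (not from the thread): interface names; IPsec handled by the
# kernel stack, which is what the "policy" match inspects.
WAN_IF="${WAN_IF:-eth0}"   # hypothetical WAN-facing interface
LAN_IF="${LAN_IF:-eth1}"   # hypothetical LAN-facing interface

# Emit iptables-restore format so the rules can be reviewed, diffed and
# loaded atomically instead of being applied one command at a time.
emit_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
# IKE and IPsec NAT traversal
-A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT
-A INPUT -i $WAN_IF -p udp --dport 4500 -j ACCEPT
# ESP (IP protocol 50) and AH (IP protocol 51)
-A INPUT -i $WAN_IF -p esp -j ACCEPT
-A INPUT -i $WAN_IF -p ah -j ACCEPT
# L2TP is accepted only if it arrived inside an IPsec SA, never in the clear
-A INPUT -i $WAN_IF -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT
# OpenVPN
-A INPUT -i $WAN_IF -p udp --dport 1194 -j ACCEPT
# GRE (IP protocol 47) is left closed: PPTP uses it, L2TP/IPsec does not.
# Routed traffic: LAN may go out, only replies may come back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
COMMIT
EOF
}

# Print for review; pipe the output into "iptables-restore --test" to have
# it parsed without committing anything.
emit_rules
```

Forwarding from the VPN interfaces into the LAN is deliberately absent; add it per tunnel interface once you know which clients should reach which hosts.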