Roon 2.0 Security - Consent matters to me

Hi Roon,

Opening up a port to a core which if compromised would have the run of my internal network, without consent is NOT OK.

You’ve increased my home security vulnerability without really warning anyone and, worse yet, giving no one the ability to opt out. How, exactly, do I block this if I want to?

You know what would make me feel a lot more secure? A trusted SSH key that is shared only inside the same network, and still have an easy way to disable this, or better yet, opt out on installation.

I’m really … beyond upset … that you allow this to happen without asking me if it’s OK, and without clear guidance of the risks posed, what mitigations are already in place and how to turn it off. Put me down under red hot fury of anger please.

Do you all understand it may be your software but it is my home and my computer and my network? You don’t get to poke big holes in the network like this without consent. Or at least you should know better.

Thank you,

Erik

2 Likes

If you go to the ARC page in settings and put a 0 in the port number, it will stop any auto setup.

2 Likes

If you are complaining about Roon making use of UPnP to open a port on your router for ARC, that is on you for having UPnP enabled on your router in the first place - use port forwarding instead. If you are not comfortable with that, use ARC over VPN. In the end, every TCP or UDP communication will require ports to be open at both ends of the equation, there is no getting around this. Would you rather rely on a cloud-based solution, which you would then have no control over at all, for opening these ports up?

While I understand the sentiment in your post…

Out of the box Core uses UPnP to open the port. If you enable UPnP on your network then that was your consent. If you disable / don’t run UPnP then Core has no way to punch this hole.

Personally, I would have preferred Core shipped ARC “off” but when I installed it here, because I don’t have UPnP anywhere, that was the same as “off” in my network.

4 Likes

Consent matters, most of all. Next, understanding the security practices and risks involved here matters as well.

Any community mitigation strategies are not good enough to stop me from wondering if Roon developers are serious.

Also, not a feature I asked for.

Of course I don’t have UPnP enabled on my router.

Then what is the issue?

How many devices/services out there use UPnP and do so without notifying the user? Roon isn’t the only one. This is how UPnP was designed.

2 Likes

Then, honestly, I don’t understand your post. But that’s on me.

1 Like

Consent, and disclosure. Thought I made that clear.

Understanding exactly how it opens up a port, where it opens it to and how security is treated upon installation matters. I shouldn’t have to come here after the fact.

And from how many companies that make use of UPnP have you gotten this “consent, and disclosure” or is only Roon required to do this?

2 Likes

You know what I’m not here for? You telling me why I should not be upset over this. This thread isn’t for you.

I have nearly identical concerns.

(1) roonlabs ought to publish the security model for this feature.

(2) roonlabs ought to publish platform-specific instructions that users can follow to ensure that both malicious actors and unwanted roon arc clients can’t penetrate their LANs using whatever mechanisms are exposed in (1).

Finding out through this forum that setting a port to 0 in an options menu just doesn’t cut it. If ARC is left on by default, even if unused by a majority of users, are their servers and collection now wide open for exploitation by any coder?

- Eric

If you read some of my posts you will realise that I know naff all about computers but I did work out that for ROON to access my core from outside the home it must have a gateway. I then weighed up whether I wanted ARC or not. I feel quite clever now.

5 Likes

I don’t allow any inbound traffic other than to my DMZ VLAN where web and mail servers are living, so no roon ARC for me before I know more about how it works.

Also, what security will this roon 2.0 core server have, living on the private LAN containing all your music & more, when open to the public Internet? Sure, it’s only a TCP port, standard on 55000, but hey, that’s easy to find with a simple port scanner.

Another point I find is the childish replies to the OP, as his concerns are real.

REST API over an authenticated HTTPS connection.

Is there something more specific that you wanted to know?

If you don’t have UPnP enabled on your router, then NO ONE from the outside can reach the ARC daemon, unless you deliberately set up port forwarding to allow them to do so.

If you have UPnP enabled on your router, then any application on any machine on your LAN can open a listening port to the outside world. Nothing special about Roon in that regard. If you don’t want applications opening listening ports to the outside world, don’t turn on UPnP (a piece of “advice” that has nothing to do with Roon).

On that point I agree. An explicit “off switch” would have been more user-friendly.

Only if the users deliberately enabled UPnP on their routers, in which case I suspect that this is not the only port that’s open to the outside.

5 Likes

While I appreciate your input, @Jacques_Distler, you don’t appear to be a roonlabs employee. roonlabs ought to be providing this information to its customers so they can assess the risks of making their premises more vulnerable.

That is standard network functionality, it doesn’t take a Roon employee to explain it to you.

2 Likes

Yes, Roon should have an explicit switch with a default of off.
Plex does this.

I really don’t get the issue. If this matters to you, disable UPnP on your router (which you claim to have already done). Once you’ve done that, your concern disappears.

I mean, I get the security concern you have, but complaining that Roon is taking advantage of a published standard seems silly to me.

FWIW, you can still use the ARC functionality by setting up something like Tailscale on your devices. So you can have your ARC and security too. 🙂

1 Like

In security we talk about two modes:
Fail Open
Fail Closed

That is, during a failure do you want things to shut down or do you want them to work with added risk?

In this case, the failure OP identified is lack of information. We have a lack of information from Roon that triggers a failure mode.

If you have UPnP off then you’re failed closed in this scenario. If Roon never responds, and you can’t get the info yourself / from the community, then stay closed. If you have UPnP enabled then you’ve already decided to fail open but you made this decision well before ARC was a thing.

I’m a fail closed guy. Most people should be failed closed when it comes to network security but that requires a deeper understanding of how this stuff works. If you don’t have enough info, for you to feel comfortable, on how this stuff works then there is a simple answer: fail closed.