Roon and Sonos on different Subnet

Greetings everyone, I’m new to roon.

I dug around for some time now and the common mantra still seems to be that roon does not support different subnets (vlans) in any way. However, most interesting threads I found are 2+ years old, so I decided to start a new one.

We have a roon core running on Linux in a VM on vSphere 6.7. roon and some audio devices are in a private network. We also have a public network, including a Sonos Connect playing music in a public area (kind of). Both can access files on the same SMB share, routing is done by Sophos SG.

Now I would like roon to have the ability to use Sonos as an output device, but someone who has access to the public network should not have access to roon core and must not have access to the private network.

Options I thought about:

  1. putting all audio devices, roon and Sonos Connect in a completely new network
  2. bridging both networks
  3. assigning a 2nd NIC to the roon VM
  4. port forwarding all relevant Sonos ports to the private network

Obviously, since neither roon core nor Sonos offers something like user logins, option #1 would give control over roon to anyone who has access to the new network. Option #2 would even give access to the whole network.

Option #3: I’m very unsure about how roon core would handle a 2nd NIC appearing in the Linux OS. Would all services just work in both networks? This seemed to work for some users here with roon ROCK. Does someone here have a clue about this?

Option #4 seems to be impossible. I have never bridged networks before and forwarding broadcast packets is prohibited by Sophos SG, but it seems like I need to.

So if there is anybody out there who can provide experience on #3 or #4, please share your work.

A simpler solution possibly, I use this

Public and private VLAN.

IP encoders on the public side. Broadcasts stream on public VLAN. Sonos plays radio stream. Music playlist controlled on Roon core on private side.

Okay so you did give your roon core 2 network interfaces, right? How did you manage to spread split services? Simply with firewall/port blocking or is there a config file for roon core somewhere?

No. There is no additional network configuration required on the Roon core. One ethernet connection to the managed switch.

The only connection between roon core and the public side is line level output to the audio IP encoder which sits on the public side.

I have added the network components to the picture.

Managed switch and router configuration (layer 2/3 network engineering skill) is assumed.

Okay, if I understand correctly this will mean I have to put roon core and Sonos into the same IP subnet (that’s not the case right now). Then block traffic between devices on packet level in the switch or router, which will require a port list. I found some ports mentioned in this forum but it’s not clear which port is what for.

Also, my Sonos (roon endpoint) will be in the public part of the net, roon core and remote will be private.

On the public side the Sonos is acting like an internet radio.

On the private side the Sonos is acting like a Roon endpoint.

Forget about networks for a moment and focus on the meaning of line level, audio IP encoder and icecast stream.

I have updated the diagram based on your questions.

Hi, just wanted to give a note: I had to delay the whole thing, but I will again look into this sometime past corona, I guess :)