Roon ARC over commercial VPN

Roon Core Machine

Custom HTPC
Core i7 3770 @3.4GHz
24GB RAM (although 8GB is used as a RAM drive)
Windows 11

Networking Gear & Setup Details

Wired Network
Archer VR600v modem/router
A TP-Link TL-SG1016D Gigabit switch is the only thing in between.
Express VPN

Connected Audio Devices

Probably not relevant for this issue.

Number of Tracks in Library


Description of Issue

Notes before continuing:

  • This is a continuation of topic All Art disappeared from Roon Core
  • This is regarding a server sitting behind a commercial VPN. This is not regarding using a VPN set up on a NAS to access my library outside my home. For clarity, I will use “local VPN” to refer to the latter scenario for the rest of this topic.
  • “Split tunnelling” refers to running the VPN on a device, but splitting an app out so it does not run though the VPN.

These are the results I am getting:

  • With the VPN turned off Roon ARC works correctly using UPnP for port forwarding. This was only achieved after calling my ISP to turn off the Carrier Grade NAT on my service.
  • With the VPN turned on, Roon ARC does not work at all (outside my network). Roon and Roon ARC both work locally although the Roon (controller) on Android only required split tunnelling, with the Roon app not running through the VPN.
  • With split tunnelling enabled on the server with the Roon app (on said server) not running through the VPN, Roon ARC works correctly, however all artwork is lost on the server, and in turn any displays. Artwork remains on other controllers/end points.

So the result of all this is, I can have any two of; running the VPN on my server, having artwork on my server (and displays) or having Roon ARC working, but seemingly not all three. I don’t think any of these options are acceptable.

I have tested split tunneling all of the Roon, RoonServer and RAATServer apps (on the server machine) with the same results. As a professional “Quality Assurance Analyst”, nothing annoys me more than having to run multiple test on software when I am at home. And don’t get me started on why Roon figured it was a good idea to hide the Roon application(s) in appdata on Windows rather than, you know, applications.

Anyway, I have read through multiple community threads with most seeming to confuse commercial and local VPNs, and none seeming to offer any solution to this, although there seems to be many people having similar issues that may not have realised the cause. For me, the following “solutions” I have seen in other posts are also not acceptable:

  • Turning off the VPN. Roon data itself I am not concerned about, but the server runs multiple duties.
  • Buying new equipment.
  • Having this labelled as a non-supported case (although mention of this seems to refer more to local VPNs).
  • Running a local VPN. I believe this is the not supported case mentioned above, is less reliable, and in all honesty I just don’t want to do it when there is a perfectly good app that achieves the same thing that I have paid good money for.

I find it hard to believe that running your internet connection through a VPN is out of the ordinary in this day and age. As such, I would have expected at least some testing to have been done with regards to VPNs. The ultimate solution would be for it to just work obviously, but barring that, I cannot see why, or even how, split tunnelling the app outside the VPN makes all artwork disappear. This seems to suggest that different functions within the app are somehow using different connections to the internet, which at best seems non-standard.

Over to you.