Roon ARC port forwarding issue

Operating System is Windows 11 Pro

My Networking hardware is the ASUS RT-AX82U WiFi 6

The results:

-After numerous tests and reading on others posts here, the issue persists…I’ve gone into the settings of my ISP router and opened the ports 55000 - 55002, and on my ASUS Router via (WAN/Port Forwarding).

-I’ve also set a Static IP through the ASUS router interface in (LAN/DHCP Server)

-UpnP is enabled, NAT type is Symmetric

-To add, my assigned IP as is shown in MyIPLookup is different than the one assigned to my PC via DHCP Server, so I am not sure if that is of any consequence.

The questions:

-What interests me is whether or not my Kaspersky Firewall is blocking the access to the ports and how I can actually effectively create an exception there as it has taken the place of the Windows Firewall.

-Should I also have a Static IP assigned to my ISP Router as well ?

The error from Roon is as follows:

{
“connectivity”: {“status”:“NetworkError”,“status_code”:504,“error”:“error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined”},
“external_ip”: {“actual_external_ip”:“85.aaa.bbb.ccc”,“router_external_ip”:“null”},
“natpmp_autoconfig”: {“server_ip”:“192.168.50.1”,“found_natpmp”:true},
“upnp_autoconfig”: {“server_ip”:“192.168.50.1”,“found_upnp”:true,“error”:“doaction request return statuscode: ConnectFailure”}
}

If anyone has any tech knowledge and/or uses Kaspersky and knows how to use the Firewall to add exceptions to ports, you would be of great help

Hi @Rom_ulus,

I would at first turn off any firewall, virus scan software and test if Roon Arc is working properly. If that’s working, you know your port forwarding is setup correctly. Then turn it back on and see if it fails, then we know quite sure it’s your firewall.

To create a firewall rule for Kaspersky, please visit this site.

Hope it helps.

Kind regards,

Maarten.

It does look like possibly firewall and I agree with @Maarten_Duits: turn off firewall and antivirus temporarily and check if that works.

Regarding other things you asked, some basics may be helpful:

One port should be sufficient, the one that your Roon ARC settings are showing

MyIPLookup shows your public IP, the one under which your router is visible from the internet. The DHCP server on the router assigns the internal IP on your LAN. These two will be different, this is OK and expected as the router’s job is to translate between the public and the internal one.

The one you see on MyIPLookup should be the 85.aaa.bbb.ccc from the Roon error message, the aaa.bbb.ccc of course being replaced by numbers.

The internal IP assigned by the router’s DHCP should be on the same local network as your router. Your router seems to have the IP (also from the Roon message) 192.168.50.1, and your internal one for the Roon server should therefore be 192.168.50.* (the * being a number again). This should be the one you see in Roon ARC settings as “Roon Core IP”

That’s not something you decide. It’s your ISP that decides which kind of public IP it assigns to your router. It must be a public one, but it does not have to be static. (There are dynamic public IPs that may change each time your router connects, and static public IPs where your router always is assigned the same one).

So am I supposed to set the same IP address for both the router and the PC or is 198.162.50.60 okay as the Roon Core IP ?

Also, I turned the antivirus off and then I got the message

{
“connectivity”: {“status”:“NetworkError”,“status_code”:504,“error”:“error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined”},
“external_ip”: {“actual_external_ip”:“85.aaa.bbb.ccc”,“router_external_ip”:“null”},
“natpmp_autoconfig”: {“status”:“NotFound”},
“upnp_autoconfig”: {“server_ip”:“192.168.50.1”,“found_upnp”:true,“error”:“<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/\” s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/\“><s:Body><s:Fault>s:ClientUPnPError<UPnPError xmlns="urn:schemas-upnp-org:control-1-0">718ConflictInMappingEntry</s:Fault></s:Body></s:Envelope>”}
}

Then I added an inbound and an outbound rule to the windows base firewall for the port 55002 but nothing changed.

I was actually planning to change my antivirus since my current subscription was ending, so I am installing Bitdefender right now to see if it’s easier to work with…

Each IP address must only be used once. They are supposed to unambiguously identify your devices. If using DHCP on the router, the router will automatically and dynamically assign the addresses and will take care of this.

However, if you ever assigned static IP addresses to devices on your LAN, you must ensure this manually on the devices.

All of the IP addresses must come from the same LAN network block.

• Roon only works within such a block, it cannot traverse from one block to another.
• This is the normal setup on a home LAN, so should not be an issue unless you manually (mis)configured things.
• To clarify:
  – When using the 192...* addresses, the first 3 numbers identify the network, 192.168.50.* in your case. (Note: 192, not 198 like you wrote in the latest post)
  – The last number identifies the device in this block. They can go from 1 to 256. Your router is 192.168.50.1, your other devices on the network can be 192.168.50.60 like your Core (this is fine), and other devices need individual numbers. Again, if using DHCP on the router, this should be taken care of automatically.

Continues in my next post …

This is the error after you turned off antivirus. The ConflictInMappingEntry looks like you might have conflicting port forward rules, or you have duplicated IP addresses on the LAN

Maybe you have UPnP enabled AND set up manual port forwarding rules for the same ports. In this case, either use UPnP and delete the manual rules, or use a manual rule and disable UPnP on the router.

It may also be caused by forwarding ports 50000-50002 - as mentioned, you only need to forward one port, the one that Roon tells you in its ARC settings. (On most machines this is 50000, but sometimes Roon seems to use 50002. Use the one it shows)

Or it’s a combination of these things.

The fact that this new error only seems to occur after you disabled the antivirus probably hints that you have two problems

1. The antivirus blocking
2. The issue with conflicting IP addresses or port forwarding rules

In this case, leave antivirus disabled for now and figure out the issue #2. Once this works, enable antivirus again and figure out issue #1, i.e. how to teach the antivirus to let the traffic through

Screenshot (4)1892×232 24 KB

So, I turned off the antivirus and tried it with the upnp deactivated, I then activated UpNp and disabled the inbound/outbound rules. I ended up with the following error message

{
“connectivity”: {“status”:“NetworkError”,“status_code”:504,“error”:“error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined”},
“external_ip”: {“actual_external_ip”:“85.aaa.bbb.ccc”,“router_external_ip”:“null”},
“natpmp_autoconfig”: {“status”:“NotFound”},
“upnp_autoconfig”: {“status”:“NotFound”}
}

So I can see the change to the upnp_autoconfig status and the upnp_autoconfig, instead of displaying “server_ip” etc. etc. , it just shows “NotFound”

As a side note, I’ve attached a screenshot of the Windows Antivirus screen concerning Roon and RAAT. I don’t remember adding these rules so maybe they are there by default, otherwise I may have to delete them.

This now looks as if UPnP is disabled

Which I realize is weird because you said you enabled UPnP and disabled the manual rules. Are you sure?

It’s good that you found these firewall rules, I think this is confirming what I thought, 2 independent problems

I literally have no idea what’s going on What I may have to try before calling an IT guy is try to connect to Roon on a laptop connected to my ISP provider router, to skip the middleman which is the ASUS router…That would mean I would just have to deal with the Windows Firewall and a generic router

Ah, I missed that. I was going by “My Networking hardware is the ASUS RT-AX82U WiFi 6” and overlooked the later mention of the ISP router. OK, the principles of what I wrote remain correct, though, but you need two rules, I think:

1. Set up port forwarding on the ISP router. I guess you will need to do it manually.
   – The ISP router is the external interface and it must be able to forward from the external IP & port to the internal network, this being represented by the Asus
   – Make sure that the ISP router is in bridge mode (doesn’t try playing local router, and does not hand out IP addresses by DHCP)
   – The port forwarding rule on the ISP router should forward the port to the Asus router.
2. Then set up similar rules on the Asus router, so that it forwards further from the incoming port to the machine where Roon runs.

I think! Someone correct me if I am wrong

You are a living legend, that’s all I got to say. I couldn’t find the Bridge Mode in my ISP Router’s settings so I just did the port forwarding from the ISP to the ASUS router and then from the ASUS to the Roon Core IP and it finally works. It never occurred to me that it’s like a chain of connections that needs to be set up.

I’m marking your last comment as a solution but thank you so much for taking time out of your day to help me, god bless

Fantastic, and many thanks for the very kind words! Enjoy the mobile music!

(“bridge mode” is a generic term, it will have different names in actual router administration interfaces. I think you are set and likely you had it always correct, as it already worked in the past. It happens that people leave DHCP enabled on the ISP router and also have it enabled on the private router, then the devices get randomly IPs assigned from one or the other, typically from arbitrary different networks, like 192.168.10.* from one router and 192.168.20.* from the other router, and then nothing works because they can’t talk between the …10… network and the …20… network.)

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.