Roon ARC setup error with MultipleNatFound and NetworkError (ref#3WD05I)

Network Setup

· I use a single personal router not provided by my ISP

ARC Status

· ARC is *Not Ready*

Roon Error Code

· None of these are listed. It simply says "TIMEDOUT" or similar.

System or third-party *firewalls *or *antivirus software* can sometimes block RoonServer from reaching ARC.

·
Try adding RoonServer and its associated processes to the whitelist of any firewalls or antivirus software you have installed, including the Windows system firewall, if applicable.
[You can learn more about firewall exceptions with Roon here.](https://help.roonlabs.com/portal/en/kb/articles/firewall)

Has the status in Roon -> Settings -> ARC changed after adding exceptions in your firewalls and antivirus software for Roon?
ARC is still *Not Ready*

Don't give up yet.

· I'm stuck. I'd like to create a post to ask Roon Community for help.

Describe the issue

I have trouble in setting up Roon ARC. The error shows as {
"ipv4_connectivity": {"status":"NetworkError","status_code":504,"error":"error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined"},
"external_ip": {"actual_external_ip":"121.aaa.bbb.ccc","actual_external_ipv6":"null","router_external_ip":"192.168.1.1"},
"status": "status": MultipleNatFound
,
"natpmp_autoconfig": {"status":"NotFound"},
"upnp_autoconfig": {"server_ip":"192.168.50.1","found_upnp":true}
}

Describe your network setup

Running roon on MacOS and I have ASUS Router

It looks like you have two routers in your network setup:

• There is a MultipleNatFound status
• You have enabled uPnP and that has succeeded in setting up a port forwarding rule on your router.
• The configuration status test is reporting the public ip address seen by the Roon cloud Servers (121.aaa.bbb.ccc) and the external IP address for which the router is configured (192.168.1.1) is not the same (ie another layer of NAT between the router that your roon server is connected to and the public ip address that is seen by the Roon cloud servers).
• The external ip address of your router (192.168.1.1) is in the 192.168.0.0 to 192.168.255.255 range which is reserverd for non-routable networks and so is never used by ISPs.

How does the Asus Router connect to your ISP line? Is there an ISP router or ‘modem’ as well? Many ISPs refer to the supplied device used to connect to the broadband line as a modem but it is, more often than not, a combined modem and router. Optical Network Terminators (ONT’s), used to connect customer equipment to the broadband fibre optic line, are usually not routers but this is not guaranteed.

If your ISP supplies you with a router or ‘modem’ then, this modem/router should be put into ‘bridge mode’ which is also sometimes called ‘modem only mode’ if possible to elliminate the NAT layer associated with that device. Sometimes this is not possible because the ISP supplied router does not offer that functionality. If the router supplied by the ISP connects to an ONT and then your ASUS router connects to the ISP router, it may be possible to disconnect the ISP’s router and just configure the ASUS router to connect directly to the ONT and use, usually, PPPoE to authenticate to the ISP. You will need to know the username and password for PPPoE and you may also need to know a VLAN ID. The means by which you configure a VLAN ID (if required) differs between different ASUS routers. It is either part of the WAN settings (in the 802.1q settings section or, on older routers, it is in the IPTV setting tab in the LAN settings page (As shown below).

image1920×1274 124 KB

If you can’t put the ISP router into bridge mode, then you could put your ASUS router into Access Point mode. This will stop it acting as a router lust leaving it to work as a network switch that also supplied WiFi access. However, depending upon your reasons for using the ASUS router, this may be undesirable because it leaves all of the security setup to the ISP router to which it is connected.

Finally, an option with the two routers in place is to set up double port forwarding. To do this, you will need to disable uPnP on both routers and then configure an explicit port forwarding rule to forward TCP connections on the ARC port on both routers.

• On the ISP router, confgure a port forwarding rule to forward TCP connection on the ARC port to the WAN side ip address of the ASUS router (as seen in the screen shot below - but note my ip address is blocked out):
  
  

  image1920×1227 131 KB
• On the Asus router, configure a port forwarding rule to forward TCP connections on the same ARC port to the IP address of your Roon Server.

If you do any of these, then the port forwarding setup will be as complete as you can make it. If you continue to see ‘MultipleNatFound’, then it is probable that your ISP is using CG-NAT which is incompatible with port forwarding.

If this is the case, then you have two options:

1. Contact your ISP an ask them if they can configure your account to use a public ip address that supports port forwarding (they may charge for this service).
2. Abandon the use of port forwarding as a mechanism to get Roon ARC working and instead setup up Tailscale as described by the document at:
   https://help.roonlabs.com/portal/en/kb/articles/tailscale-setup-instructions-macos-roonserver
   More general Tailscale instructions for tailscale can be found at:
   https://help.roonlabs.com/portal/en/kb/search/tailscale
   Although this instructions do not address the setup for Roon Servers which cannot run Tailscale on the same device (such as the original Nucleus, Nucleus Plus and some older ROCK installations).

Note 1: You just use Tailscale instead of port forwarding anyway, irrespective of whether or not your ISP is using CG-NAT. This may be simpler for you than messing around with router configuration and/or manual port forwarding.

Note 2: Whilst Tailscale is the solution officially supported by Roon, your ASUS Router may directly support a Wireguard VPN which works in exactly the same way as Tailscale and can be used in substantially the same way. The ASUS wireguard configuration, if supported by your router, can be found under the VPN page:

image1920×1530 124 KB

Note: My setup also shows that an OpenVPN VPN Server is also configured. This is likely not an option that will work for you and should be ignored.

Hey @amvrobin,

Thanks for writing in and welcome to the community! @Wade_Oram is absolutely steering you in the right direction with their response above - we don’t have anything else to add at this time, so please let us know how the above goes and we’ll be on standby for your reply!

You maybe right, @Wade_Oram I have one optical modem router from ISP which converts Fiber network to CAT6 cable which is connected to ASUS router. I might need a PC with Ethernet port to access the configuration on it, I believe.

So, I tried the Tailscale and it worked, fortunately.

Thanks for your assistance on this. I am glad it works via Tailscale.

This will be one cause, hopefully the only cause, of the MultipleNatFound status issue.

It’s a bit academic now. You have a solution and you should probably just stick with it. However, F.Y.I. you should be able to configure the ISP router with any computer, or tablet (a phone may be too small a screen to be comfotable) that provides a web browser and is connected to your ASUS router either by wired ethernet or WiFi.

Your ASUS routers WAN side ip address is 192.168.1.1. This suggests that the ISP router is likely found on 192.168.1.254 (.1 and .254 are the common default LAN side ip addresses in routers). However, it might take a little investigation to be sure. Once you have found (or guessed) the correct ip address then ISP router WebUI can be accessed using that ip address.

e.g. If the ISP is on the ip address above, then http://192.168.1.254 will work.

This topic was automatically closed 36 hours after the last reply. New replies are no longer allowed.