this took me a while to figure out so I thought I’d share if anyone else is having issues:
If you correctly enabled port forwarding on your router and the Roon ARC apps still cannot connect to your Roon Core running on your Synology or comparable NAS, remember to also open the same port in your Synology firewall settings.
Once I opened the ARC port on my Synology as well the apps were able to connect instantly.
Hope this helps.
thanks for your advice!
I’m using Roon on Synology, as well, but don’t really know how to configure the firewall exception.
Can you elaborate on that?
Maybe upload a screenshot (with all the sentitive data blurred)?
Thanks in advance!
See below. Hope it helps. Let me know if this is not clear.
In the control panel of your Synology click on Security.
Here click on Firewall and then Edit Rules. This opens the firewall rules and your open ports. Here click on Create to create a new rule for ARC.
Here chose TCP and add the port selected in Roon ARC.
Doing all this should enable Roon ARC to connect to the Roon Core on your Synology.
Is it secure to open a port on the NAS like that?
Would it be only Roon that can communicate on that port?
Ports should be opened with caution only. It technically punches a small hole into your firewall so it makes the Synology generally unsafer. But I think it is a calculated risk as the port does not let you into you NAS outside of the ARC tunnel which is secured by your username and password.
thanks for your quick reply!
Just one more question: What has to be filled into Source IP?
- The internal Roon Core IP
- The external Synology IP provided by a DDNS-Provider (like Synology itself)
ps: Persönliche Freigaben sounds pretty german. Hence, I didn’t change my system language just for the purpose of the screenshot
You can leave it on Alle. With source IP you could potentially specify IPs who can use this port but I would not mess with this setting for this purpose.
Thanks so far,
I just found out that my router is the root cause for the connectivity problem:
if I try to access the external Synology IP, I end up with a login page of the router … but that’s another topic not in this forum
did you try port forwarding on your router?
The external IP of your Synology and your router should be the same unless you have multiple NATs set up. Port forwarding the same port on your router to the Synology which you just opened on your Synology should do the trick.
I’m not at home, just helping a friend.
Apparently, he doesn’t know the password and therefore the whole topic has to wait until I get it from his internet provider
Thanks for the reply
Just for my own understanding, you say that it does not let you into NAS outside of the ARC tunnel, but how does the NAS/Firwall know to only allow Roon/ARC traffic into the opened/forwarded port.
By opening port 55000 in the Synology firewall, does it not open all TCP traffic through this port?
It does and that could be a security risk you are not willing to take. Maybe my understanding is incorrect but I have no other application or interface on my Synology using the Roon ARC port so I assumed only TCP traffic is allowed into Roon Core on this particular port and not onto the entire Synology.
I`m not sure either, but I think its a small risk based on what I can find out through google.
the security can be increased if you also block out all connections from other countries than your own.
Yes that also works. And if you travel you can always use a VPN to still have your connection come from the country you specified. The general Synology security advices also still do help such as automated IP blocking, 2FA and account locking just in case someone uses open ports to try to get into your system.
thanks for your advice with Synology.
I’ve tried all your screenshots recommendations, no success for me.
I have this Synology 2600ac, and added the rules (actually, it was already there, greyed out).
I don’t know what I’m doing wrong. Still getting the Not Ready from roon Arc.
the 2600ac is a router, right? I do not own a Synology router so unfortunately I cannot help you. But all I did on my Asus router, was create a port forwarding rule to my DiskStation. This should open the router firewall to allow connections to the the DiskStation on your defined ARC port. Then all you should have to do is open that port also in the DiskStation firewall, otherwise the connections will reach your DiskStation but are stoped by its firewall.
Hope that helps.