Roon ARC without UPnP

I would like to use Roon ARC without enabling UPnP, because UPnP is unsafe. Is it possible to use Roon ARC without UPnP? My Roon Core server is running on Linux behind NAT. It has a local 10.x.x.x IP and 2 official IPv6 addresses. I have created a port forward rule on my Dream Machine Pro router. The port forward rule is working for sure, since I have tested that it works from an outside IP. I have defined this port in the “Setup->Roon ARC” section. I have also tried to allow both IPv6 addresses through the firewall without success.

I’m running the latest version of Roon: “Roon version 2.0 (build 1277) production (64bit)”
I can’t get Roon ARC working. Any tips? Is UPnP a requirement for Roon ARC? Is it possible to hard code in the external IP? I have a static IPv4 address, so hard coding isn’t a problem. IPv6 is dynamic, so hard coding isn’t an option for IPv6. Should I disable IPv6 then?

UPnP isn’t really unsafe, but you can use it without UPnP by setting up the port forwarding rules manually on the router… UPnP is just a way to automate that.

That said, port forwarding as a concept is just for IPv4, you need to decide whether you use v4 or v6.

I disagree with your statement that UPnP is safe. I would avoid enabling UPnP since there is no way to authenticate a port opening. Anyway my question wasn’t about safety using UPnP, so no need to start a discussion about that topic. :slight_smile:

I can use IPv6 if that’s the only option, with some scripting on the firewall to update the dynamic IPv6 addresses. If IPv6 is the only path to my goal, is disabling the default gateway for IPv4 the best solution to force IPv6 usage?

If you have a rogue application on a home LAN that opens ports by UPnP without your agreement, you already have way bigger problems than UPnP because that rogue app can breach the perimeter already without opening any ports. (Also, some routers can limit UPnP allowance to specific devices - mine can). The first step to security is knowing what the threats and mitigations are. But yeah let’s leave it at that :slight_smile:

I have a static IPv4 address and it works without issues. However, a static one is not necessary and a dynamic public IPv4 also works, as long as it is a proper IPv4 that can be port forwarded. (I.e. not CG-NAT). Though I guess it depends on how often the ISP actually changes the dynamic IP in practice.

On the other hand, since Roon 2.0.16 with the May 8 update it should also work with IPv6, at least on many ISPs. But I never played with that, so no idea:

Even if I don’t have rogue applications, I don’t trust other family members not to do stupid things. Strengthening the security isn’t a bad thing. Have also enabled IDS/IPS to warn me about bad stuff. Well, enough about this off topic… :slightly_smiling_face:

I got a public IPv4 address that I control 100% with my own router, so no CG-NAT crap. Do you care to explain how you got yours working? Did you hardcode the IPv4 address somewhere to get it working? I can’t connect to my Roon Core when outside my local network. Don’t know if the Roon Core server publishes my IPv6 addresses or if it publishes my local 10.x.x.x address? If it publishes my local 10.x.x.x address, then that would be the problem. I would prefer to use IPv4 since sadly IPv6 isn’t always an option when I’m out of my local network.

If anyone got IPv6 working I would really like to know how.

I’m not quite sure how you mean that you control a public external IP 100% with your own router, because at the very least you get this external IP from your ISP who has IPs in their pool and assigns one to you, either a static one or a dynamic one.

Otherwise, I did nothing special. I went to the Roon ARC settings in Roon, looked up the port number that it is using and set up the port forwarding on the router to forward this port number on my public, external IPv4 address to the same port on the local, private IP that is used by my Roon Core. That’s about it.

Addresses from the private IP ranges like 10.x.x.x or 192.168.x.x can’t be published in any meaningful networking sense because they are repeated in countless private networks and are simply not routed on the internet. I can tell you that the private IP address of my Roon Core is 192.168.178.26 and you can do absolutely nothing with that.

That’s precisely why with NAT-ed IPv4 networking you need port forwarding on the router from the public, external IP address (that you get from the ISP and that is routed on the internet) to the private one of the Roon Core, if you want to run an internet-accessible server like ARC.

In the past, you could use a public IPv4 address for every device on your network and control external access to these IPs with firewalls, if you got a public IPv4 block from your ISP. But nowadays there are not enough public IPv4 addresses for that, hence the need for NAT. IPv6 isn’t much different in this regard, just that the address format differs, there are orders of magnitude more available addresses, and hence every device gets its own public one. Then you don’t need port forwarding as such but control access to the address and port by firewall rules on the router. Practically this amounts to very similar things, just the mechanism differs.
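The address distinctions discussed in the posts above (a private Core address behind a public WAN address needs a port forward, a CG-NAT WAN address cannot be forwarded, a public IPv6 address needs a firewall rule instead), as an added example that is not part of the original thread. The function names, the result labels, the `double-nat` case and the sample addresses are assumptions made for illustration; the check looks only at the addresses and does not test the router or firewall.

```python
import ipaddress

# IPv4 ranges that are not routed on the internet (RFC 1918).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598, carrier-grade NAT
ULA = ipaddress.ip_network("fc00::/7")         # IPv6 unique local addresses


def classify(addr):
    """Return 'public', 'private', 'cgnat' or 'local-only' for an address."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback or ip.is_link_local:
        return "local-only"
    if ip.version == 6:
        return "private" if ip in ULA else "public"
    if ip in CGNAT:
        return "cgnat"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def inbound_plan(router_wan, core_addr):
    """Say how inbound access to the Core has to be opened, if it can be.

    router_wan: the IPv4 address the router shows on its WAN interface.
    core_addr:  the address of the machine running the Roon Core.
    """
    core = classify(core_addr)
    if core == "public":
        # The Core has its own routable address (typical for IPv6):
        # no port forward, only a firewall allow rule for address and port.
        return "firewall-rule"
    if ipaddress.ip_address(core_addr).version == 6 or core != "private":
        return "unreachable"
    # Private IPv4 Core: everything depends on what the router's WAN side is.
    wan = classify(router_wan)
    return {"public": "port-forward",    # forward WAN:port to core:port
            "cgnat": "blocked-cgnat",    # the ISP's NAT sits in front
            "private": "double-nat"}.get(wan, "unreachable")


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges stand in for public).
    for wan, core in [("203.0.113.7", "10.0.0.5"), ("100.72.3.9", "10.0.0.5"),
                      ("192.168.1.2", "10.0.0.5"), ("203.0.113.7", "2001:db8::26")]:
        print(f"WAN {wan:<14} Core {core:<14} -> {inbound_plan(wan, core)}")
```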

I got 1 static IP from my ISP and use NAT port forward, not public IP on all devices of course. :slight_smile:

I did some testing, and enabled UPnP. Also tried to disable IPv6 completely on the Roon Core server. It still doesn’t work, but there is something very strange going on. The port forward rule created points to the desktop I access the Roon Core server from (Roon Client). This is of course wrong. I would expect the rule created to point to my Roon Core server.

When looking into “Setting->Roon ARC” it states that Roon Core is running on my desktop computer. The IPv4 and IPv6 that is reported are to my desktop computer and not the Roon Core server. This is very strange?

I still need help sorting this out. I could try to reinstall the Roon Core server, but that would be last resort. Still need to find root cause.

Hope someone at Roon Labs reads this.

If you install the Roon app on the desktop, it includes a Core. During first start, you decide whether you want to connect to a separate Core server or if the Core should run on the desktop.

It sounds like either there is a bug or you inadvertently configured the Core on the desktop. If I recall correctly (am not at home), in Settings > About you should see what the Roon control app considers to be the Core.

I run a separate ROCK as the Core, and of course - as you expect - that’s where the port forwarding rule must point to. Works for me just fine (including with UPnP if I use that)

You are correct. The Windows client was configured as a Core. I signed out and unauthorized it. Now Roon ARC works. Thanks.

Just a follow-up question. How do I uninstall Roon Core from my Windows Client? It is just a waste of space and resources for it to run in the background.

Great :+1:

You can’t uninstall the Core from the desktop, it comes with the all-in-one Roon installer. There is a separate package for the Windows server (just the Core without control GUI), but no separate package for just the control GUI.
