Dear all
I am evaluating Roon labs and I am totally excited about the quality and the features.
As I am living at two sites I am just wondering whether it is possible to use the Roon core in both sites.
This sites are connected via VPN and do have two different subnets.
I was searching through the community and read a lot but I am not clear how and at all.
Is there a clear description for my use-case?
Thanks a lot. Regards.
Yes, but there is no official support and itâs very much in the realms of âtinkeringâ â given the plethora of different VPN solutions there isnât a single / simple guide to getting this working.
It will also depend on the speed and stability of your broadband network at both ends â it needs to be good to work reliably, what VPN solution you are currently using (or prepared to swap to) and how technically minded you are.
But depending on your current VPN solution, you may be able to use a UDP relay like udp-proxy-2020 to achieve what you want using. Other seem to also have had success with ZeroTier but I havenât used it myself so canât personally comment on how well it works.
Given you are currently evaluating Roon, why not give it a try and see if your network is stable enough to support a remote connection.
Youâve probably already come across these threads, but if not, these are likely the best place to start:
2 Likes
Thank you very much. Seems a lot of work to do?
My installation is in a subnet 10.100.5.x.
The core is installed on 10.100.5.20.
The other subnet is 10.100.6.x and connected via VPN.
Is there a simple way that SONOS players in the other subnet (10.100.6.x) can play from the core (10.100.5.20)?
Thanks for your help.
Roon does not officially support subnets at all although Chromecasts and Airplay do work across fine if your network also supports mdns correctly, I have all my Chromecasts on a separate vlan. Not sure if Sonos does I only have one and itâs on the same network as my core. But all of this is down to users to work out and generally requires more open and configurable network equipment to achieve it.
If the two networks are connected through routers which ports must I forward to the core?
Iâve moved this to the tinkering section as it involves said jiggery pokery.
Roon relies on UDP messages for the discovery of endpoints, which arenât normally passed across VLAN or subnets, let alone VPN tunnels.
As CrystalGipsy suggests, if youâre only interested in Sonos and ChromeCast devices then the mDNS setting (if your router has one) may be enough to allow the required UDP packets to span subnets. The easiest option is to try it and see.
But for Roon to discover RAAT devices (which use different UDP ports to mDNS) and especially if youâre trying to relay those UDP messages over a TUN based VPN connection youâll need to use something like udp-proxy-2020.
In short it will depend on your router and your VPN solution. But other than enabling mDNS and seeing if that works, youâll likely need to do some low-level network configuration and install or enable some software (like udp-proxy-2020) to relay the required UDP packets.
You can see if someone has written a guide for your particular router and VPN â might be worth stating what they are â and then installing the required software and modifying the subnets/interfaces as necessary to exactly match your setup. Using OpenVPN or Wireguard with udp-proxy-2020 seems to have the highest success rate and youâll find a couple of guides in the tinkering section for both those setups.
If you want an easier route it may be worth looking at ZeroTier, but as mentioned above I have never tried it myself so canât vouch for how reliable it is.
1 Like
Itâs not TCP ports that are the problem, itâs the UDP packets (which Roon uses for device discovery) which your router wonât normally pass across subnets as they are âbroadcast packetâ intended to be broadcast to all devices on a single subnet â if you think about it you wouldnât normally want those packets broadcast to even every device on every neighbouring subnet.
The solution is to use a UDP relay, which can in effect listen on one subnet / interface for certain broadcast packets and then re-broadcast them onto another subnet / interface. This is different from the traditional network routing done by your router.
mDNS is one such relay (often found on routers) that can handle this for mDNS UDP packets this will possible work for Sonos and Chromecast devices that use mDNS. But itâs unlikely to work with VPN tunnels and wonât work with normal Roon RAAT discovery (as it uses different UDP ports).
The solution (in that more advanced case) is to run a relay / proxy like udp-proxy-2020 mentioned above and configure which network interfaces the UDP packets should be relayed (or re-broadcast) across.
1 Like
As people have indicated, youâll need two things:
- Something like
udp-proxy-2020 - A compatible VPN solution
where âcompatibleâ is a VPN solution that has a virtual network interface (site-to-site IPSec, OpenVPN, Wireguard, etc). Specifically, road-warrior type IPSec VPNâs donât work.
The challenge with site-to-site VPNâs is you need to run udp-proxy-2020 on both VPN servers. However, if youâre using the same phone or computer to connect to the VPN and run Roon, then you only need to run udp-proxy-2020 on the VPN server side.
LMK if you have any questions and good luck!
1 Like
I was searching the internet and found out that OpenVPN on a Rasperry Pi would be fine.
But is there a documentation or can sombdoy explain how to install udp-proxy-2020 on the same Rasperry Pi?
so challenge is âOpenVPN on a RasPIâ could mean 100 different things. Your best bet is to review the udp-proxy-2020 docs and especially the startup-scripts section: udp-proxy-2020/startup-scripts at main ¡ synfinatic/udp-proxy-2020 ¡ GitHub which goes over different installations. Not every possible installation mind you, but a few common ones.
From there you, if you can ask more precise questions itâs much easier to help.
1 Like
Thank you very much.
My problem is that I have not understood the systematics.
What do I have to do in my home network 10.100.5.x, where Roon Core is also installed.
And what do I have to do in the remote network 10.100.6.x so that the SONOS players in this network can play music from the Roon Core?
In which network I have to run udp-proxy-2020?
In the meantime, I have connected the two networks with OpenVPN.
As per Aaronâs earlier post, in your case youâll need to run udp-proxy-2020 at each end, on whatever device is running your VPN server on each network.
The easiest setup is probably to run both your VPN server (ie. Wireguard / OpenVPN) and udp-proxy-2020 on your router at each end.
But if thatâs not possible and you already have a site-to-site VPN up and running with OpenVPN using a RRi loccated on each network then you should be able to just install the linux-arm64 (RasPi 2 V1.2 and above) binary on each RPi and set it up to listen the the relevent network interfaces ie. something like eth0 (local network) and tun0 (vpn tunnel). See the Usage section of the README.md and the startup scripts Aaron linked to if you want it to survive reboots.
Itâs probably better to think of udp-proxy-2020 bridging network interfaces rather than subnets, so it needs to run on whatever device bridges those networks ie. has both an interface for the VPN tunnel and an interface for the local network.
You can use ifconfig to see what network interface youâre using and tcpdump to check if the UDP messages are being relayed successful. Have a search on the forums for how to use them,
This is a simplified breakdown of the topology, obviously your network interfaces may differ.
eth0 (network 1 / 10.100.5.x)
== udp-proxy-2020 --port 9003 --interface eth0,tun0 --cache-ttl 300
tun0 (VPN tunnel/network ie. 10.100.10.x)
== udp-proxy-2020 --port 9003 --interface tun0,eth0 --cache-ttl 300
eth0 (network 2 / 10.100.6.x)
Many thanks in advance for your support.
It is very helpful. I know something about IT but I still have a lot to learn.
In my home network (10.100.5.x) I have installed the OpenVPN server on my Synology (where the Roon Core is also running) and successfully installed the Docker image upd-proxy-2020.
Am I correct in assuming that in the remote network (10.100.6.x) on a Rasperry Pi I âonlyâ need an OpenVPN client that establishes the connection to the OpenVPN server. In addition, upd-proxy-2020 must also be installed on this Rasperry Pi.
Yeah, that sounds about right.
FYI, I just uploaded RPM and Debian/Ubuntu packages for Intel x86 and ARM64 to github on the releases page for v0.0.11. Might help you install things on that RasPi.
Ok thank you.
I got now running a Ri4 and downloaded udp-proxy-2020-0.0.11-linux-arm64 to the Pi.
That is the correct package?
And I try to install with sudo apt-get installâŚ
The an error occurs.
Can somebody explain to me how I have to install the âsoftwareâ on my Raspberry Pi 4?
I have setup the Raspberry with OpenVPN which works perfectly.
Thanks a lot.
hard to answer this question. A raspi could be running probably 100 different linux distros. Or maybe itâs not even running linux?
I am digging into this, too.
I have two sites (âtopâ, where thereâs the roon core, and âbottomâ which would very much like to access that core) which are connected via site to site VPN. However, I do not have the option to install anything on either VPN gateway. Both sites can see each otherâs networks, there are a few firewall rules in place though.
I would very much like to avoid tunneling another VPN through the existing one. I understand, in the âtopâ site I can run one instance of udp-proxy-2020 right on the roon core (or maybe on another, privileged, lxd container, as roon core is a non-privileged LXD container, worst case, I run udp-proxy-2020 right on the hypervisor OS).
From my understanding as of now (until I read this post), I thought I could hook up a raspi with another instance of udp-proxy-2020 on the âbottomâ site and have both instances of udp-proxy-2020 configured with --fixed-ip so theyâd route the broadcasts they pcapped on their network straight to the other side/site.
But this post reads to me like itâs not (that easily) possible?
(I was preparing the RPi fĂźr âbottomâ, but Iâm not travelling too often between the sites and usually I donât have as much time to tinker while at âbottomâ (and tbh, I donât fancy tinkering when I am there), so âDâoh just test itâ already crossed my mind but⌠well.)
Thanks in advance for any helpful hints 
I tried this⌠I have site A and B. Connected via Wireguard VPN. Wanting to avoid tinkering with my firewalls, I setup a VM in A and another in B. Setup WG VPN on each, tunneling through the tunnel⌠setup udp-proxy-2020 and nothing happened. Then the holidays kicked in and I havenât had a chance to play with it⌠but now that the holidays are over, I have my toys in place and I want to get Roon Core/Endpoints working across the VPN.