Roon in different subnets

Dear all
I am evaluating Roon labs and I am totally excited about the quality and the features.
As I am living at two sites I am just wondering whether it is possible to use the Roon core in both sites.
This sites are connected via VPN and do have two different subnets.
I was searching through the community and read a lot but I am not clear how and at all.
Is there a clear description for my use-case?
Thanks a lot. Regards.

Yes, but there is no official support and it’s very much in the realms of ‘tinkering’ — given the plethora of different VPN solutions there isn’t a single / simple guide to getting this working.

It will also depend on the speed and stability of your broadband network at both ends — it needs to be good to work reliably, what VPN solution you are currently using (or prepared to swap to) and how technically minded you are.

But depending on your current VPN solution, you may be able to use a UDP relay like udp-proxy-2020 to achieve what you want using. Other seem to also have had success with ZeroTier but I haven’t used it myself so can’t personally comment on how well it works.

Given you are currently evaluating Roon, why not give it a try and see if your network is stable enough to support a remote connection.

You’ve probably already come across these threads, but if not, these are likely the best place to start:


Thank you very much. Seems a lot of work to do?
My installation is in a subnet 10.100.5.x.
The core is installed on
The other subnet is 10.100.6.x and connected via VPN.
Is there a simple way that SONOS players in the other subnet (10.100.6.x) can play from the core (
Thanks for your help.

Roon does not officially support subnets at all although Chromecasts and Airplay do work across fine if your network also supports mdns correctly, I have all my Chromecasts on a separate vlan. Not sure if Sonos does I only have one and it’s on the same network as my core. But all of this is down to users to work out and generally requires more open and configurable network equipment to achieve it.

If the two networks are connected through routers which ports must I forward to the core?

I’ve moved this to the tinkering section as it involves said jiggery pokery.

Roon relies on UDP messages for the discovery of endpoints, which aren’t normally passed across VLAN or subnets, let alone VPN tunnels.

As CrystalGipsy suggests, if you’re only interested in Sonos and ChromeCast devices then the mDNS setting (if your router has one) may be enough to allow the required UDP packets to span subnets. The easiest option is to try it and see.

But for Roon to discover RAAT devices (which use different UDP ports to mDNS) and especially if you’re trying to relay those UDP messages over a TUN based VPN connection you’ll need to use something like udp-proxy-2020.

In short it will depend on your router and your VPN solution. But other than enabling mDNS and seeing if that works, you’ll likely need to do some low-level network configuration and install or enable some software (like udp-proxy-2020) to relay the required UDP packets.

You can see if someone has written a guide for your particular router and VPN — might be worth stating what they are — and then installing the required software and modifying the subnets/interfaces as necessary to exactly match your setup. Using OpenVPN or Wireguard with udp-proxy-2020 seems to have the highest success rate and you’ll find a couple of guides in the tinkering section for both those setups.

If you want an easier route it may be worth looking at ZeroTier, but as mentioned above I have never tried it myself so can’t vouch for how reliable it is.

1 Like

It’s not TCP ports that are the problem, it’s the UDP packets (which Roon uses for device discovery) which your router won’t normally pass across subnets as they are ‘broadcast packet’ intended to be broadcast to all devices on a single subnet — if you think about it you wouldn’t normally want those packets broadcast to even every device on every neighbouring subnet.

The solution is to use a UDP relay, which can in effect listen on one subnet / interface for certain broadcast packets and then re-broadcast them onto another subnet / interface. This is different from the traditional network routing done by your router.

mDNS is one such relay (often found on routers) that can handle this for mDNS UDP packets this will possible work for Sonos and Chromecast devices that use mDNS. But it’s unlikely to work with VPN tunnels and won’t work with normal Roon RAAT discovery (as it uses different UDP ports).

The solution (in that more advanced case) is to run a relay / proxy like udp-proxy-2020 mentioned above and configure which network interfaces the UDP packets should be relayed (or re-broadcast) across.

1 Like

As people have indicated, you’ll need two things:

  1. Something like udp-proxy-2020
  2. A compatible VPN solution

where “compatible” is a VPN solution that has a virtual network interface (site-to-site IPSec, OpenVPN, Wireguard, etc). Specifically, road-warrior type IPSec VPN’s don’t work.

The challenge with site-to-site VPN’s is you need to run udp-proxy-2020 on both VPN servers. However, if you’re using the same phone or computer to connect to the VPN and run Roon, then you only need to run udp-proxy-2020 on the VPN server side.

LMK if you have any questions and good luck!

1 Like

I was searching the internet and found out that OpenVPN on a Rasperry Pi would be fine.
But is there a documentation or can sombdoy explain how to install udp-proxy-2020 on the same Rasperry Pi?

so challenge is “OpenVPN on a RasPI” could mean 100 different things. Your best bet is to review the udp-proxy-2020 docs and especially the startup-scripts section: udp-proxy-2020/startup-scripts at main · synfinatic/udp-proxy-2020 · GitHub which goes over different installations. Not every possible installation mind you, but a few common ones.

From there you, if you can ask more precise questions it’s much easier to help.

1 Like

Thank you very much.
My problem is that I have not understood the systematics.
What do I have to do in my home network 10.100.5.x, where Roon Core is also installed.
And what do I have to do in the remote network 10.100.6.x so that the SONOS players in this network can play music from the Roon Core?
In which network I have to run udp-proxy-2020?
In the meantime, I have connected the two networks with OpenVPN.

As per Aaron’s earlier post, in your case you’ll need to run udp-proxy-2020 at each end, on whatever device is running your VPN server on each network.

The easiest setup is probably to run both your VPN server (ie. Wireguard / OpenVPN) and udp-proxy-2020 on your router at each end.

But if that’s not possible and you already have a site-to-site VPN up and running with OpenVPN using a RRi loccated on each network then you should be able to just install the linux-arm64 (RasPi 2 V1.2 and above) binary on each RPi and set it up to listen the the relevent network interfaces ie. something like eth0 (local network) and tun0 (vpn tunnel). See the Usage section of the and the startup scripts Aaron linked to if you want it to survive reboots.

It’s probably better to think of udp-proxy-2020 bridging network interfaces rather than subnets, so it needs to run on whatever device bridges those networks ie. has both an interface for the VPN tunnel and an interface for the local network.

You can use ifconfig to see what network interface you’re using and tcpdump to check if the UDP messages are being relayed successful. Have a search on the forums for how to use them,

This is a simplified breakdown of the topology, obviously your network interfaces may differ.

eth0 (network 1 / 10.100.5.x)
== udp-proxy-2020 --port 9003 --interface eth0,tun0 --cache-ttl 300
tun0 (VPN tunnel/network ie. 10.100.10.x)
== udp-proxy-2020 --port 9003 --interface tun0,eth0 --cache-ttl 300
eth0 (network 2 / 10.100.6.x)

Many thanks in advance for your support.

It is very helpful. I know something about IT but I still have a lot to learn.

In my home network (10.100.5.x) I have installed the OpenVPN server on my Synology (where the Roon Core is also running) and successfully installed the Docker image upd-proxy-2020.

Am I correct in assuming that in the remote network (10.100.6.x) on a Rasperry Pi I “only” need an OpenVPN client that establishes the connection to the OpenVPN server. In addition, upd-proxy-2020 must also be installed on this Rasperry Pi.

Yeah, that sounds about right.

FYI, I just uploaded RPM and Debian/Ubuntu packages for Intel x86 and ARM64 to github on the releases page for v0.0.11. Might help you install things on that RasPi.

Ok thank you.
I got now running a Ri4 and downloaded udp-proxy-2020-0.0.11-linux-arm64 to the Pi.
That is the correct package?
And I try to install with sudo apt-get install…
The an error occurs.

Can somebody explain to me how I have to install the “software” on my Raspberry Pi 4?
I have setup the Raspberry with OpenVPN which works perfectly.
Thanks a lot.

hard to answer this question. A raspi could be running probably 100 different linux distros. Or maybe it’s not even running linux?

I am digging into this, too.

I have two sites (‘top’, where there’s the roon core, and ‘bottom’ which would very much like to access that core) which are connected via site to site VPN. However, I do not have the option to install anything on either VPN gateway. Both sites can see each other’s networks, there are a few firewall rules in place though.

I would very much like to avoid tunneling another VPN through the existing one. I understand, in the ‘top’ site I can run one instance of udp-proxy-2020 right on the roon core (or maybe on another, privileged, lxd container, as roon core is a non-privileged LXD container, worst case, I run udp-proxy-2020 right on the hypervisor OS).
From my understanding as of now (until I read this post), I thought I could hook up a raspi with another instance of udp-proxy-2020 on the ‘bottom’ site and have both instances of udp-proxy-2020 configured with --fixed-ip so they’d route the broadcasts they pcapped on their network straight to the other side/site.

But this post reads to me like it’s not (that easily) possible?

(I was preparing the RPi für ‘bottom’, but I’m not travelling too often between the sites and usually I don’t have as much time to tinker while at ‘bottom’ (and tbh, I don’t fancy tinkering when I am there), so “D’oh just test it” already crossed my mind but… well.)

Thanks in advance for any helpful hints :slight_smile:

I tried this… I have site A and B. Connected via Wireguard VPN. Wanting to avoid tinkering with my firewalls, I setup a VM in A and another in B. Setup WG VPN on each, tunneling through the tunnel… setup udp-proxy-2020 and nothing happened. Then the holidays kicked in and I haven’t had a chance to play with it… but now that the holidays are over, I have my toys in place and I want to get Roon Core/Endpoints working across the VPN.