Roon over Wireguard VPN (works on WiFi, but not on cellular)

  • Wireguard (road warrior style configuration)
  • UDM Pro (running wireguard + udp-proxy-2020)
  • (Wireguard tunnel)
  • (remote Roon subnet)

Roon works perfectly without issue over a VPN tunnel in the following configurations:

  • Wireguard running on laptop (Mac OSX) on a remote WiFi network.
  • Wireguard running on an iPhone (iOS) on a remote WiFi network.
  • Wireguard running on laptop (Mac OSX) tethered (via iOS WiFi hotspot) to an iPhone using my cellular network (with WiFi disconnected).

(this last scenario is interesting as it seems to indicate that my cellular network isn’t blocking the Wireguard tunnel)

But Roon remote fails to connect to my Core when using a Wireguard tunnel directly on iPhone (iOS) over cellular (Three).

However I can connect to my ROCK’s web interface in the above configuration (Wireguard on iOS). Which suggests that Wireguard is (at least at a basic level) running correctly on my iPhone and allowing me to reach my ROCK server and connect to it on port 80.

I can also run Roon remote without issue and connect to my remote Core when my laptop is tethered to this iPhone via iOS’ WiFi hotspot feature (see above) - this seems to indicate that the Wireguard tunnel isn’t being blocked by my cellular provider.

What I can’t do is connect to my Roon Core from a Roon Remote (on my iPhone, while on cellular) even if I manually enter it’s IP address in Roon Remote. This seems odd as I thought this bypasses Roon’s discovery mechanism.

This suggests an issue with how the local network (or Wireguard tunnel) is presented to Roon on iOS that differs from how it is presented when using either i) a laptop (OSX) running Wireguard which is tethered to an iPhone on a cellular network, or i) simply an iPhone running Wireguard on a WiFi connection.

I’ve tried countless combinations of settings, which for brevity I have excluded here. Including adding IPV6 routes to Wireguard (although still wondering if this is the root issue) and disabling any private network features on iOS.

Obviously there is a chance I have overlooked something there, in fact I almost certainly have given my post, but (without wishing to sound ungrateful) I’m really looking for responses from users who have hit a similar issue themselves (and hence know of a concrete fix) or users with a better understanding of running Roon / Wireguard on iOS over a cellular network than me, who can give concrete suggestions. But I appreciate any help or suggestions anyone can give.

Thanks :pray:

Roon app won’t work on iOS or Android without WiFi connection period it’s part of their code. It just won’t launch properly when the device it’s running on is on cellular. You have to connect to another device thats running WiFi tethering that has cellular. I had to do this with my DAP when I meddled with all this.

1 Like

Ah that explains it then, thanks for the reply :+1:

That’s not true. I’ve been able to get it to work on a cellular connection with WireGuard before. I’ve now given up on that as it was just for fun.

1 Like

This is not correct. It does work over Von without WiFi. In my case it isn’t stable however.

1 Like

My experience tells me otherwise unless they changed the behaviour. On Android the app would not start saying no wireless connection and would not go any further when connected to my VPN.

It all depends on what type of VPN you used and how you set it up. If, for example, the mobile is assigned an IP address via VPN in a different subnet, which is typically the case, it will not work without some additional configuration.

Thanks for the clarifications, unless it’s old, Jules’ screenshot suggests that Roon Remote will connect over cellular with WiFi disabled.

In my case, while my mobile is assigned an IP address via VPN that’s from a different subnet to my Roon Core. I believe I am already running the additional configuration Bart mentions, namely udp-2020, as everything works perfectly if connecting over a VPN tunnel via WiFi or when connecting to a mobile on cellular via tethering (see my original post).

In think in my case it suggests there be some interaction with how Wireguard works over cellular connection on iOS. Unless Bart your thinking of done other ‘additional configuration’.

That was indeed the ‘additional configuration’ I was referring too. Perhaps check the software’s options to enable some debugging in order to find out what is happening. @Aaron_Turner might be able to help you figure out what’s going wrong from the debug logs.

1 Like

VPN is in my router and used Androids VPN client It worked when device was connected via WiFi I ended up using my phone as a wifi hotspot and my dap connected to this and used VPN to connect. Roon on the same phone would not run using VPN. I Can’t try it any more as Andorid 12 uses different VPN connectivity now that I can’t use.

I use Roon on my iPhone over Wireguard over both Wifi and 5G thanks to udp-proxy-2020 running on my pfSense box using the same Wireguard configuration/tunnel.

I assume when you are testing Wireguard + Wifi you are doing so away from home or where your Roon core is? If you’re testing while at home with wifi then you’re not going to be using the VPN tunnel for Roon.

Yes, using Wireguard + WiFi when away from home on a totally unrelated WiFi network and everything works perfectly. btw. thanks for developing udp-proxy-2020!

The problem only occurs when using Wireguard on a cellular network on iOS. I can still see my ROCK’s web interface on port 80 in that scenario, which suggest the Wireguard tunnel is being created (at least partially successfully) on a cellular connection. I just can’t get the Roon Remote to connect, even if I enter my Core’s IP address manually.

Yeah, cellular/5G should be fine assuming your VPN is configured correctly. You’re using the same VPN settings?

I’m very confused by your last sentence though “I just can’t get the Roon Remote to connect, even if I enter my Core’s IP address manually.” Where are you entering the Core’s IP address? I have never seen this option in the Roon Client on iOS or MacOS.

Yes, exactly the same, as soon as I connect back onto a (remote / not my home) WiFi network it works just fine.

The fact that it works with WiFi but not cellular with the same VPN settings would seem to suggest that the Wireguard configuration is correct. Also the fact that I can connect to my ROCK’s web interface using Wireguard over a cellular network suggests the VPN tunnel is correctly instantiated and it isn’t being blocked.

All I can think is that there is some sort of split tunnelling or IPV6 networking that is being enabled on iOS when using my cellular network (Three) that isn’t happening with WiFi. But I’m as a loss to what that could be.

Ah, I meant this screen, if you click ‘help’ (circled in red) you can enter an IP address manually.


Under Settings → Cellular, do you have Roon enabled for using cellular data?

Beyond that, you can open a ticket on github and I can walk you through collecting pcaps and we can take a closer look, but it definitely sounds like Roon isn’t sending traffic on the VPN when using cellar. Based on what you’ve said, most likely it’s a setting on your phone. Or some weird bug in Roon or something that makes it not work for you.

1 Like

You’re an absolute star :star:

That was it…sometimes it really is the most obvious things you overlook.

Thanks :blush:

1 Like

No prob. Now we both learned something. :slight_smile:

No WiFi Needed - Running ROON on 4G / 5G … with regular network settings on iPhone VPN L2TP
Using a simple RPi 3B and SOFTETHERVPN server software.
If interested here is a link for tutorial and set up Dropbox - SoftEtherVPN server 2022 v1.3-05-05-2022 - Simplify your life

Thanks, but see the three posts above…

Aaron spotted the problem and issue now resolved, I hadn’t enabled mobile data for Roon on iOS.

Okay perfect! Just over kill :face_with_peeking_eye: sorry about that!

1 Like