It won’t last. Roon hasn’t been designed to work across subnets. Remotes can as they use a different protocol for discovery but as an audio device Roon uses multiple ports and this changes quite regularly. These also don’t traverse subnets or VPNs unless you know how to configure your flyer and understand how to use a USP proxy. However, when the port changes you will lose the playback ability of the device in your current scenario.
More problematic is the bandwidth and low latency requirements of the audio streams when using streaming protocols like RAAT that have not been designed with the potentially lower bandwidth and higher latency of internet transports compared to your local network. This is compounded by the fact that streaming from Roon would be using the uplink from the Roon Server to the ISP which is often significantly lower bandwidth than the downlink that you use to stream from internet services whilst on your home network.
As an aside, earlier this year when I was on holiday in the Orkneys (my home is in Cambridgeshire in the UK), I experimented with both Wireguard (essentially the same as Tailscale) on my Android phone and OpenVPN TAP (on my Windows laptop) to provide Roon client connectivity and streaming to the client endpoint. Both OpenVPN and Wireguard VPN functionality are provided by my router.
The rest of this post details my observations.
I found that both worked without issue for me on that day and at that time and using that internet connection. I was not using a cellular internet service (Guest Wifi in the holiday let) and my home internet service is 500MBps down, 73Mbps up. This uplink bandwidth is well in excess of that which I require for streaming any of my content (maximum 192kS/s/24bit which equates to about 10Mbps). However, there are some caveats (in addition to the potential bandwidth/latency issues that I opened this post with).
These additional caveats were:
Use of a VPN in this way is Tinkering. You will get no help from support if something doesn’t work as expected.
Using a layer 3 VPN (Wireguard in my case but equally applicable to Tailscale or even OpenVPN with a TUN connection), it could be some time before the endpoint offered by the remote client would be seen to be available by the Roon Server - may be as much as 15 to 20 minutes.
There is no Android Client for OpenVPN in TAP mode (at least not unless you root your phone). The same is probably true for iOS devices although I have never investigated.
Setting up an OpenVPN server on your home network will not work if your ISP uses CG-NAT.
OpenVPN can be significantly more challenging to set up compared to either Wireguard or Tailscale. On the other hand, if you set up an OpenVPN Server on your router (as I am able to do) then there is no other third party service between your router and the OpenVPN client on the other end. (OpenVPN servers can be set up on other devices in your home network - but that would require port forwarding.)
Using any VPN to connect a Roon Client means that the bandwidth available for streaming will, at the very least, be limited to the uplink bandwidth to your ISP. With ADSL, VDSL and even many FTTP services (like BT Openreach in the UK - at least for now), the uplink bandwidth is significantly less than the download bandwidth.
Using a layer 2 VPN (OpenVPN TAP connection), everything worked exactly as it did when I was using Roon at home. Client connection and endpoint discovery were instantaneous (or at least so quick as to be unnoticeable). Streaming at modest bit rates (I only tried up to 96kS/s/24bit) worked fine. In fact, I believe that if I had a second router like mine, I could configure it as an OpenVPN client and then I would be able to use any endpoint in the local network as if it were part of the remote network on which the Roon Server resided. I believe this has been done before and has been discussed in Tinkering.
The reason OpenVPN with a TAP connection worked so well with my laptop Roon client is that, being a layer 2 VPN, it behaves much more like an Ethernet switch (whereas you could compare layer 3 VPN [like Tailscale, Wireguard and OpenVPN TUN] functionality to that of a router) in that:
Clients can use DHCP on the remote network to obtain an IP address in the same subnet as the devices in the remote network.
It fully supports protocols other than TCP/UDP and it fully supports multicast/broadcast traffic, making it truly indistinguishable from using a single network (from a network stack P.O.V.). However, this also means that the VPN tunnel is always being used by that broadcast traffic and so it is not recommended for metered internet connections.