Roon unable to connect to external network due to EHOSTUNREACH error (ref#DRYBYC)

Network Setup

· I use my ISP's router alongside a personal router.

ARC Status

· ARC is *Not Ready*

Roon Error Code

· None of these are listed. It simply says "TIMEDOUT" or similar.

System or third-party *firewalls *or *antivirus software* can sometimes block RoonServer from reaching ARC.

·
Try adding RoonServer and its associated processes to the whitelist of any firewalls or antivirus software you have installed, including the Windows system firewall, if applicable.
[You can learn more about firewall exceptions with Roon here.](https://help.roonlabs.com/portal/en/kb/articles/firewall)

Has the status in Roon -> Settings -> ARC changed after adding exceptions in your firewalls and antivirus software for Roon?
I don't have any system or third-party firewalls or antivirus software.

Have you configured bridge mode?

· I plan to configure port forwarding manually by creating rules in my router settings.

Is your secondary router in bridge mode?

· No, it's not in bridge mode

Have you created a manual TCP port forwarding rule on both routers according to the instructions?

· Yes

What status do you see when visiting Settings > Roon ARC page in Roon?

· ARC is "Not Ready"

Select the Diagnostic Keyword or Text String

· Something else

Don't give up yet.

· I'm stuck. I'd like to create a post to ask Roon Community for help.

Describe the issue

{
"ipv4_connectivity": {"status":"NetworkError","status_code":502,"error":"error: Error: connect EHOSTUNREACH 78.aaa.bbb.ccc:55000, response code: undefined, body: undefined"},
"external_ip": {"actual_external_ip":"78.aaa.bbb.ccc","actual_external_ipv6":"null","router_external_ip":"null"},
"natpmp_autoconfig": {"status":"NotFound"},
"upnp_autoconfig": {"server_ip":"192.168.50.1","found_upnp":true,"error":"doaction request return statuscode: UnknownError"}
}

Describe your network setup

ISP :Telenet
ISP modem : Eurodocsis 3.1 modem
Router : Asus Zen wifi AX
Roon Server is running on QNAP TS-264

Firstly, the error message indicates that uPnP on the Asus router is enabled but, for some reason, the uPnP request by the Roon Server is failing. I have seen this with at least one Asus router (an RT-AX88U) myself. Using explicit port forwarding with uPnP disabled is a workaround.

Secondly, most DOCSIS ‘modems’ supplied by ISPs are acutally Modem and Router combined. I believe that this is true of the Telenet modems.

The rest of this post assume that your DOCSIS modem is actually a modem/router and you have not already put the router into ‘Modem Only’ mode.

In order to use such a Modem/Router with your own router, e.g. the Asus Zen WiFi AX, without creating port forwarding difficulties, you will need to put the ISP Modem/Router into ‘Modem only’ or ‘Bridge’ mode (such that it disables all router and WiFi functionality and just leaves one working LAN port.

The exact way this is done may vary (and indeed, with some, it may not be possible - I believe some cable modems supplied by Virgin Media in the UK did not support Modem Only mode). You will have to find out if and how this can be done for your modem/router.

If you can put your modem/router into modem only mode, then you have two choices:

  1. Double Port Forward: Disable uPnP/natPMP because it will not work with two routers and create explicit port forwarding rules on each router.
  2. Use Tailscale to avoid the need to get port forwarding working.

Double Port Forward

The first thing to say about this is that *it will not work if your ISP (Telenet) uses CG-NAT. I have not, on the basis of a quick search been able to find out if this is the case or not and there is nothing in the error text to indicate that this might be the case. I shall explain how to determine if your ISP is using CG-NAT below. By contrast, the second option, using Tailscale, will work even in the presence of CG-NAT.

OK. Assuming Telenet is not using CG-NATand you have your DOCSIC Modem/Router (ISP router) in router mode and your ASUS router, then you will have a network that looks something like:

ISP Router <------------>ASUS Router<----------------->networked devices
            (x.y.z.0/24               (192.168.50.0/24
             Subnet)                      Subnet)  

The ISP router, will likely have a LAN side ip address (the ip address you use to access its web UI) of x.y.z.0 or x.y.z.254 where x is usually 192, y is usually 168 and z can be any number between 0 and 255. However, in your case because the ASUS router is creating a 192.168.50.0/24 subnet, you want to make sure that z does not equal 50.

Assuiming that the ISP LAN side address is x.y.z.1, then your ASUS router will have a WAN side ip address (obtained from the ISP router) of x.y.z.a where a is a number between 2 and 254.

The ASUS router will also have a LAN side ip address of 192.168.50.b. These two ip addresses associated with the ASUS router must not be confused.

Now, to set up port forwarding rules on each router your need to know the ARC port provided by the Roon Server (55000) and the Roon server ip address. Both can be obtained by viewing Roon->Settings->Roon ARC setting page in the Roon desktop or modbile client:

On the ISP router you must forward TCP connections on port 55000 to the WAN side IP address of the ASUS router (x.y.z.a).

On the ASUS router you must forward TCP connections on port 55000 to the Roon Server (QNAP TS-264) ip address which will be 192.168.50.b

Once both of these rules are in place, your port forwarding should work.

Tailscale

Tailscale can be used to set up a VPN between your mobile device running ARC and your Roon Server and thus avoiding the need to set up any port forwarding at all. Note: the Roon->Settings->Roon ARC settings page may still report “not ready” and give a diagnostics error but this does not matter.

The instructions for setting up Tailscale can be found at:

The big advantage of Tailscale is that it works in even in the presence of CG-NAT

Note: Wireguard can also be used in a similar way. Wireguard may be supported by your ASUS router so this might be an easier way forward - but there are no howto gudes for Wireguard.

How to determine if your ISP is using CG-NAT

If you are unsure whether or not Telenet use CG-NAT, you can find out be comparing the WAN side ip address of the ISP supplied router (not the one beginning with 192.168 or 10.) with the ip address reported by web sites like whatismyipaddress.com.

If the two ip addresses match, then your ISP is not using CG-NAT.

If the two ip addresses do not match, then your ISP is using CG-NAT.

3 Likes

I also had this problem with Telenet as my ISP.
With the newest modem/routers it is not possible to put them in Modem Only or Bridge status. I contacted Telenet, and after a switch with another type modem/router I could put the modem in Bridge modus in my personal Telenet account site.
In my (AVM Frits!Box) Router I activated port forwarding for the corresponding port in Roon. Since then Roon Arc works perfect.

LD

2 Likes

Many thanks
The ISP is not using CG-NAT, so I put port forwarding on both and now the status is Ready.

3 Likes

Hi @Peter_Dherdt,

We’re glad to hear the above suggestions have helped out.

If the port assignment changes in Settings → ARC at any point, you’ll need to update any manual rules you’ve created in the router(s).