Firstly, the error message indicates that uPnP on the Asus router is enabled but, for some reason, the uPnP request by the Roon Server is failing. I have seen this with at least one Asus router (an RT-AX88U) myself. Using explicit port forwarding with uPnP disabled is a workaround.
Secondly, most DOCSIS ‘modems’ supplied by ISPs are acutally Modem and Router combined. I believe that this is true of the Telenet modems.
The rest of this post assume that your DOCSIS modem is actually a modem/router and you have not already put the router into ‘Modem Only’ mode.
In order to use such a Modem/Router with your own router, e.g. the Asus Zen WiFi AX, without creating port forwarding difficulties, you will need to put the ISP Modem/Router into ‘Modem only’ or ‘Bridge’ mode (such that it disables all router and WiFi functionality and just leaves one working LAN port.
The exact way this is done may vary (and indeed, with some, it may not be possible - I believe some cable modems supplied by Virgin Media in the UK did not support Modem Only mode). You will have to find out if and how this can be done for your modem/router.
If you can put your modem/router into modem only mode, then you have two choices:
- Double Port Forward: Disable uPnP/natPMP because it will not work with two routers and create explicit port forwarding rules on each router.
- Use Tailscale to avoid the need to get port forwarding working.
Double Port Forward
The first thing to say about this is that *it will not work if your ISP (Telenet) uses CG-NAT. I have not, on the basis of a quick search been able to find out if this is the case or not and there is nothing in the error text to indicate that this might be the case. I shall explain how to determine if your ISP is using CG-NAT below. By contrast, the second option, using Tailscale, will work even in the presence of CG-NAT.
OK. Assuming Telenet is not using CG-NATand you have your DOCSIC Modem/Router (ISP router) in router mode and your ASUS router, then you will have a network that looks something like:
ISP Router <------------>ASUS Router<----------------->networked devices
(x.y.z.0/24 (192.168.50.0/24
Subnet) Subnet)
The ISP router, will likely have a LAN side ip address (the ip address you use to access its web UI) of x.y.z.0 or x.y.z.254 where x is usually 192, y is usually 168 and z can be any number between 0 and 255. However, in your case because the ASUS router is creating a 192.168.50.0/24 subnet, you want to make sure that z does not equal 50.
Assuiming that the ISP LAN side address is x.y.z.1, then your ASUS router will have a WAN side ip address (obtained from the ISP router) of x.y.z.a where a is a number between 2 and 254.
The ASUS router will also have a LAN side ip address of 192.168.50.b. These two ip addresses associated with the ASUS router must not be confused.
Now, to set up port forwarding rules on each router your need to know the ARC port provided by the Roon Server (55000) and the Roon server ip address. Both can be obtained by viewing Roon->Settings->Roon ARC setting page in the Roon desktop or modbile client:
On the ISP router you must forward TCP connections on port 55000 to the WAN side IP address of the ASUS router (x.y.z.a).
On the ASUS router you must forward TCP connections on port 55000 to the Roon Server (QNAP TS-264) ip address which will be 192.168.50.b
Once both of these rules are in place, your port forwarding should work.
Tailscale
Tailscale can be used to set up a VPN between your mobile device running ARC and your Roon Server and thus avoiding the need to set up any port forwarding at all. Note: the Roon->Settings->Roon ARC settings page may still report “not ready” and give a diagnostics error but this does not matter.
The instructions for setting up Tailscale can be found at:
The big advantage of Tailscale is that it works in even in the presence of CG-NAT
Note: Wireguard can also be used in a similar way. Wireguard may be supported by your ASUS router so this might be an easier way forward - but there are no howto gudes for Wireguard.
How to determine if your ISP is using CG-NAT
If you are unsure whether or not Telenet use CG-NAT, you can find out be comparing the WAN side ip address of the ISP supplied router (not the one beginning with 192.168 or 10.) with the ip address reported by web sites like whatismyipaddress.com.
If the two ip addresses match, then your ISP is not using CG-NAT.
If the two ip addresses do not match, then your ISP is using CG-NAT.