Some further context: I have set up Roon Server on a Linux machine that has a generally restrictive firewall. The firewall allows TCP ports 9100:9200, 9330:9339, 30000:30010 and UDP port 9003, which I understand are required for basic operation. Additionally, I’m using TCP 55002 for Roon ARC.
Everything works in this configuration except AirPlay. HomePod devices show up in Settings > Audio as Roon Tested, AirPlay 2 devices. When enabled, no track is able to be started. After some duration, the track pauses at 0:00. This happens with FLAC or MP3; I do not use any third-party service. Via the Roon ARC app, I use AirPlay fine, since it is through my iPhone.
Disabling the firewall, I can play music to the HomePod I’m testing. lsof shows an established TCP connection to the HomePod’s IP address, but it originates from a different port each time roon-server is restarted. I’ve observed the following ports used: 41980, 49872, 52336, 57150, 59546.
This is a significant range and appears undocumented from what I can find. How do I proceed in securing the machine running Roon Server without obstructing the ability to use AirPlay?
Thank you for your post. RoonServer can be a little tricky to configure with restrictive firewalls since it assigns certain ports dynamically.
The ports above are in a range usually reserved for temporary, dynamic assignment - Roon relies on dynamic assignment for some protocols to allow for flexibility in device discovery. There’s also a chance you’re seeing the UPnP stack in RoonServer attempt to ping the HomePod to configure port forwarding automatically in a harmless and redundant exchange.
However, AirPlay 1 device discovery announcements should take place on a predictable port. For this particular issue, make sure that the Bonjour and mDNS ports in Apple’s documentation are safelisted: TCP and UDP ports used by Apple software products - Apple Support
I’d also verify that you’ve allowed Roon local network access on the Mac running Sequoia in your System Settings → Privacy & Security → Local network list.
I’ve opened ports for Bonjour and mDNS as specified in the documentation from Apple Support, namely: UDP 1900 and UDP 5350-5353. This has not changed anything.
Regarding UPnP, I have ensured that the option is enabled on the eero router but I am not sure how to test things further.
roon-server is not running on a Mac, although I am attempting to play to a HomePod from the Roon macOS client. But I can also confirm the issue is present on an iPhone and iPad (using Roon, not Roon ARC).
Are you running Sequoia on this Mac? There was a recent update to 15.3 that fixed many local networking issues that may be playing a part in your AirPlay issue.
Let me know if you’re able to update and see if you’re able to reproduce afterward.
I’ll update to 15.3 but I want to note that the issue is reproducible on other clients like Roon on my iPhone (but ARC is able to AirPlay fine). Also, if I temporarily disable the firewall on my Linux machine, the issue is cleared up. That seems to indicate an issue on the Linux side of things.
Yes, ports 80, 443, 554 (TCP/UDP), 3689, and 5353 have been opened. I can confirm this by using netcat on the server to listen on the port, and then scan the port from a different computer, e.g.:
server
❯ sudo nc -l 554
elsewhere
❯ nc -zv server 554
Configuring the Linux firewall may be a bit trickier than just adding the specific ports, as Roon can use randomized ports. In the past, other users have been able to configure their firewall with the below guides. Can you please let us know if this helps?
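An added example, not part of the thread or of Roon's documentation: a Python helper that reads `lsof -nP -iTCP` output and separates listening ports that lack an allow rule from connections whose local port is only a kernel-chosen source port. It assumes the Linux default ephemeral range 32768-60999 (check `sysctl net.ipv4.ip_local_port_range`); the lsof sample, its addresses and the listener on 38127 are constructed.

```python
import re

# TCP ranges the first post says the firewall already allows.
ALLOWED_TCP = [(9100, 9200), (9330, 9339), (30000, 30010), (55002, 55002)]
# Assumption: Linux default net.ipv4.ip_local_port_range (verify with sysctl).
EPHEMERAL = (32768, 60999)
# Local ports the poster saw on the connection to the HomePod.
OBSERVED = [41980, 49872, 52336, 57150, 59546]

# Constructed `lsof -nP -iTCP` output: PIDs, addresses, remote ports and the
# 38127 listener are made up for illustration.
SAMPLE = """\
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
roon-serv 2101 roon  120u  IPv4  51234      0t0  TCP *:9100 (LISTEN)
roon-serv 2101 roon  121u  IPv4  51240      0t0  TCP *:9332 (LISTEN)
roon-serv 2101 roon  122u  IPv4  51300      0t0  TCP *:38127 (LISTEN)
roon-serv 2101 roon  133u  IPv4  51410      0t0  TCP 192.0.2.10:41980->192.0.2.50:7000 (ESTABLISHED)
roon-serv 2101 roon  134u  IPv4  51422      0t0  TCP 192.0.2.10:9100->192.0.2.77:50444 (ESTABLISHED)
"""

NAME_RE = re.compile(
    r"TCP (\S+?):(\d+)(?:->(\S+?):(\d+))? \((LISTEN|ESTABLISHED)\)\s*$")

def in_ranges(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def classify(lsof_text):
    """Return listeners with no allow rule and the direction of each connection."""
    rows = [m for line in lsof_text.splitlines() if (m := NAME_RE.search(line))]
    listeners = {int(m[2]) for m in rows if m[5] == "LISTEN"}
    connections = []
    for m in rows:
        if m[5] != "ESTABLISHED":
            continue
        local = int(m[2])
        if local in listeners:
            direction = "inbound"      # peer connected to a listening port
        elif in_ranges(local, [EPHEMERAL]):
            direction = "outbound"     # kernel-chosen source port
        else:
            direction = "unknown"
        connections.append((local, m[3], int(m[4]), direction))
    uncovered = sorted(p for p in listeners if not in_ranges(p, ALLOWED_TCP))
    return {"uncovered_listeners": uncovered, "connections": connections}

if __name__ == "__main__":
    print(all(in_ranges(p, [EPHEMERAL]) for p in OBSERVED))
    print(classify(SAMPLE))
```

Listeners reported as uncovered are the ones that need an explicit inbound rule. Connections classified as outbound use an ephemeral source port, which a stateful firewall normally handles with a rule accepting established traffic rather than by opening the whole range.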