Security implications of opening up remote access to Roon Core

I’d love to be able to access my Roon core while at work, and since I have a DDNS service configured and a pretty advanced router firmware (OpenWRT), I figured that port forwarding should do it.

I came across this lovely post from @brian where he explains which ports should be forwarded.

Now, before I do it, I was thinking about the security implications of this. I already forward some ports, such as SSH, but I also know how to tighten the security around them (don’t allow root logins, only accept signed key logins, etc.). But how about the ports that I would forward to my Roon core server? Will there be any login procedure whatsoever, or will it be enough if someone figures out my domain name and enters it as a URL to Roon Core?

I would not recommend opening your ports to the internet. The context of that thread was setting up a firewall for a hardware product that contained a firewalled mac mini running a Roon Core, so it was LAN-only.

Also be aware that there is no way to accomplish remote audio streaming with these port forwards–only browsing.

If remote browsing is interesting to you, I recommend using SSH tunnels to secure it.

For remote audio streaming, you would need something like a VPN or Zerotier that can actually bridge the networks. We will likely solve that problem in the future, but we do not have a solution right now.

There is really only one way to make this relatively secure and that is to allow specific source addresses and block the rest (of the world). It would still be possible to ‘fool’ a firewall rule like that by spoofing an IP that you’ve allowed, but then one would have to know which IPs you do allow…
Still, you wouldn’t be able to do audio streaming, as Brian describes in his post, so this solution is moot.

OK, thank you both for the clarification. I was, naturally, hoping to do this for audio streaming reasons (as controlling speakers in an empty house is of limited use for me :wink:).

I was curious as Plex seems to do it with their solution for videos, and I’m certain that the actual files stay on users’ servers and not in Plex’s cloud, so it seems doable. Let’s hope Roon finds a way around it, still a great product! :+1:

Also Logitech Media Server would work. It is possible to make this work with Roon. Zerotier (as mentioned by @brian) will work. Other than that I am sure Brian knows what is needed as he designed Roon, but it is too early to tell us… I wouldn’t use mobile streaming anyway as I am a ‘dinosaur’, but it will be a nice feature for those that do!