Security with Roon ARC / Roon 2.0

I think it’s a fanless next-gen firewall device.

@danny,

I asked for this information in some other thread a few weeks ago. Nice to see a bit of it here.

Can you tell me which credential is used to authenticate the ARC client? How is it entered?

It’s of concern because if I want to give someone access to my core via ARC, do I reveal my Roon account login/password to them, my forum login/password, or something entirely different? And aside from the human vulnerabilities and compromising my account, how can it be leaked or snooped by other agents?

What secures the traffic between the core and the ARC client? If the protocol or traffic was compromised, could anybody enumerate my music collection or, say, mess up the metadata?

Thanks,

- Eric

Your Roon username (email you used to sign up) and the password for your Roon account.

Yes, you would reveal your Roon account login/password. Don’t share your Roon account login/password. Your Roon account login/password is your entire Roon identity, which includes this forum.

Have you used ARC? You type it in.

Malicious software that infects your apps or operating system, etc… the normal stuff.

TLS is used for encryption, and the Roon software verifies your identity via an intermediary server on our end.

The “secure protocol” only prevents snooping on a wire. A TLS compromise would allow an attacker to snoop on your traffic if an attacker had infected your device running ARC or the Roon Core.


There are no fundamental weaknesses in TLS 1.2. Yes, it is cryptographically less robust than 1.3, but nothing that is substantially flawed for normal users. It is still an approved transport encryption for US Government, including FedRAMP, so good enough for me.

TLS versions less than 1.2 (and all SSL versions), however, are a different matter; they have substantial problems.

Great design choice!

It wasn’t always that way… In early 2015, we had different logins for Roon app + website and for the community forums… It was our top support issue by a long shot – people couldn’t figure out why they weren’t the same!

So while I can’t take credit for getting that design choice correct from the start, I am happy it was a problem we resolved back in October 2015:


Where’s the “large benefit” for those of us who have no interest in ARC in the first place?


Hi @Michael_Looney,

Beauty or in this case benefit is in the eye of the beholder …

No interest, no benefit… ok no argument with that … that’s your view it’s fine.

If you wish you can disable the port-forwarding router request from Roon by manually entering port 0 in Roon settings —> ARC.

Or alternatively, disable UPnP in the router’s settings, which will prevent any application requests being actioned by the router.


Thanks for the reply.

I’ve tried entering O but it always resets to 55…

I don’t think I have the ability to disable UPnP in my router, I would have to go through my service provider. What gives me pause is the message I get from my provider’s security app:

“A high risk source tried to access Nucelus. Advanced security has blocked 1 of these security risks this week.”

Maybe that’s a good thing that my security prevented it? I don’t know, but I do know I never got those alerts before upgrading to 2.0 and now I get them regularly. Or, rather, got them regularly. My Nucleus is for sale and I have deleted Roon. I won’t even go back to my MacBook as the core. I think it’s incredible arrogance on the part of Roon to assume all of their users would be going ape over a feature like Arc. I purchased a lifetime subscription when they were first offered, but I’m done with Roon.

Apple Music, Naim app, and Tidal Connect. I’m served well at home and abroad!

What is your router?


I don’t know. It’s provided by Shaw cable. I used to have Linksys routers which I could manage, but I recently got this faster modem/router.

Is it one of these?

Hi, yes, it looks like the gateway 2

I’m guessing you’ve attempted to log in to the gateway IP (10.0.0.1 I think) and there’s no way to turn off UPnP.

What about the Bluecurve App?

Seems odd to omit the function to disable UPnP.

Hi, you have to type 0 (zero), not the letter O.


Thanks! Pretty sure I typed zero. But may try again if I add core to my MacBook.

Appreciate your help! For some reason my gateway doesn’t accept my username. I think I’ll call Shaw and get their assistance.

A full reset and default access details?

UPnP setting must be under Gateway “Advanced” Settings, and it is enabled by default.
