Source domain not set for Roon ARC services

Roon Core Machine

Networking Gear & Setup Details

Connected Audio Devices

Number of Tracks in Library

Description of Issue

I’ve set up Roon ARC to work on my system (Fritzbox, OSX Monterey 12.6, Little snitch FW). Besides enabling port forwarding, I also need to create some FW rules to allow the service to work. Not a problem in itself. Can you provide a generic domain name for the source addresses (e.g. something like*.roonarc.com)? The current incoming addresses are Google cloud servers, which means I need to use hardcoded IP’s.

Second question: is your IPv6 config good and active? I’ve setup using IPv4-only for now.

Here you go
https://www.gstatic.com/ipranges/cloud.json

I believe the services Roon uses should resolve to:
*.googleusercontent.com

But here’s the full list Google publishes:

They enabled v6 for Core in 2.0 (nice!) but I’ve not seen anyone test it. I’ve not been able to test it either due to some issues I’m still sorting in my home network. Would be good for someone to confirm.

Also, to be clear…
ARC → Core

ARC does not pass through Roon infrastructure but connects directly to your core. That means you need to allow access to the IP / domain your ARC client sits at. This won’t be any of the addresses / domains in my post.

The lists I provided are only relevant for Roon infrastructure / cloud.

Thanks, that might be an option. However, I’m not really happy with opening up my FW to such a large domain, would rather see a roon-managed domain. Preferably with some decent security framework in place.

At the moment, I’m approving auto-generated FW rules based on individual IP’s. Not a happy situation, since I can’t remotely approve those rules.

I can easily enable the IPv6 access on the router and FW, might just do that and see what happens

Agree with everything you’re saying. I may limit at least by country or cell carrier but I’m not sure I can get more narrow then that and keep connections reliable.