Success with Tailscale VPN

I think my issue may my core is on a NAS which also hosts Tailscale.
Good info in this post

I think I may be readying to give up on my idea of having a single core serve two homes.

Now I’m embarked on a one-directional sync operation, which requires site-to-site VPN. Early sketch is:

• Daily backups of Primary Roon (at primary home) to local synology NAS
• rsync of Roon backup folder from local synology NAS to secondary home synology NAS
• Whenever I arrive at secondary home, perform a restore from local NAS copy of most recent primary home backup, change storage location, fix zones
• If I’m at secondary home and want to make a change to a playlist, tag, or anything durable, use site-to-site VPN to access Roon Core at primary home and make changes there, then backup, and restore secondary home core

Obviously all second home activity isn’t registered, and nothing I do there is durable. But… it’s always up to date on specific playlists, tags, etc. I think this’ll work. Anyone else have any ideas?

If the NAS has a dedicated drive, I wonder if you could pull the drive and put it in the secondary NAS.
Take your core with you.

I’m allergic to physical solves. I’ll forget to do it. Some people do it this way, they impress me.

I guess the key question is what is the requirement to only use Roon in 2 locations?
I use Tidal, but all the playlist I make are transferred to Tidal, i’m not that bothered about my local files as they are all on Tidal.
So Tidal for me is my main library so i’m not reliant on Roon.

So if I had a second home i’d use Tidal as my source and ensure the players had Tidal connect or Airplay if I wasn’t that concerned about quality.

Does Synology Drive ShareSync work to keep the 2 NAS,s in sync leaving you to just activate the one you require?

What you’ve proposed sounds like it will work. It’s also nicely conservative - you have a single master and no expectation that changes in your secondary (for lack of a better term) will replicate back to the master.

There are riffs on what you’ve proposed with rsync including ShareSync, Syncthing (which I use for all sync related stuff, but that’s its own rathole), Resilio, or similar. But those are just riffs.

If you want to try something more ambitious, here’s an alternative. I can’t promise it’ll work correctly, and it’ll be easy to screw up. Backups will be your safety net. I assume anyone reading this from Roon will cringe.

Your Synology devices are S1/S2. Your homes are H1/H2.

Here’s what you do.

• Set up Roon running in a Docker container on S1. I wrote a walkthrough here in the forum that will help if you need guidance. Make sure to not enable auto start. You’ve now got a folder on S1 called docker_roon or something like that which contains app and data subdirectories.

• Restore Roon on S1 from a backup from your current core. Get everything working again.

• Use this guide to set up a bi-directional sync relationship of docker_root between S1 and S2. Yep…bidrectional. Sync Multiple Synology NAS

• When everything is quiesced and working, use Docker to stop Roon on S1.

• Set Roon up on S2 and map in the synced app and data folders. Again, do not enable auto start. Fire it up. Get your first taste of what will happen when you lift and shift to a new location. Do the repair work that you already planned to do when restoring from a backup.

• Use it all normally in H2. Make changes. Live it up.

• When you’re ready to go back to H1, just stop the Roon instance on S2, wait for replication to complete, fire up S1, fix it up.

Is this a good idea? I don’t know. You’ve already got client VPN working so you know that you can easily VPN between your homes to turn the other side off or so whatever housekeeping you need.

There may be good reasons why you don’t want to use Roon in Docker. And you already know that you could go both ways with backups. If it were me, and I had two Synology devices that were capable of running Roon, this is probably what I’d try.

Good luck

I’m going to try to go from my all-singing, all-dancing “one core to rule them all” approach with udp proxies and networking stuff that was well beyond me to one that I understand. I like having ROCK in both places (I’m set on the appliance, and I have the hardware, plus if I went back to running in NAS some people would make fun of me and I have thin skin) and the manual nature will let me get used to it and own my own mistakes. Bidirectional sync scares the crap out of me, but I could do bidirectional this same way too. I’m just too chicken to start out that way. But if each ROCK backs up to its own local synology, and each Rsync’s to a copy of the backup folder on the remote synology then I could just make a restore and remap part of moving houses. That’s step 2.

I will say, back to the point of the thread, having an always-on site-to-site vpn is great. It might not be that secure, though I’m sure I have bigger holes. But being able to see my entire network from whichever house I’m on as another subnet without any action to take beforehand is fantastic. And it’s bidirectional / symmetric. It’s just there. 192.168.1.0/23 and 192.168.10.0/23 just see each other as though they were in the same physical LAN, even though they are 100+ miles apart. Someone here will probably tell me not to do this. I change passwords monthly, and I worry much more about stuff I have on the cloud than what I have on my home network. But it’s awesome anyways.

Honestly, you’re making a smart choice to go slowly. I’ve restored a few backups into the same home. There’s a surprising amount of fix-up work when your installation is even moderately complex. You’re committing to fix-ups in one direction. Both directions would be worse.

If you ever do decide to do this, you could easily keep people believing that you’re using your ROCKs. Just occasionally say things like “Danny recommends against a NAS” and “I used a NAS before switching to ROCKs” You won’t be explicitly lying and unless you’ve got forum members over at your houses inspecting your gear, everyone will just sort of nod and day to themselves “That guy @Johnny_Ooooops really gets it!”.

When I was doing the two place thing, I had UniFi set up client VPN in both locations. I had Macs and phones set up to turn on VPN. If I were to do it again, I’d set up site to site and leave it on like you’re doing. I wouldn’t think twice about the security issues. Your UniFi login is probably more easily attacked than your (hopefully) large, (hopefully) machine-generated key.

Good luck on your continuing journey with this stuff!. Fun to watch you tinker - even trying and failing leads to learning!

Hi all,

Relatively new to the Roon environment here, Roon ARC have been working nicely for me, but figured it doesn’t hurt to see if I could get the full Roon Remote running from an external network environment. Tried Tailscale and like the OP reported, I am able to route back into my local network, see my Roon Core (running ROCK on a NUC) admin panel, access NAS locally etc. BUT was unable to play to my Phone as an audio endpoint when connected remotely via Tailscale.

Then I tried setting up a Cisco IPSec VPN server directly on my ASUS AC-88U router, and added the VPN configuration directly within the VPN tab of my iPhone XS running iOS 16.3, switched to 4G connection and tested that the VPN worked by checking access to my local devices. Launched Roon Remote and lol behold, I was able to not only control / access everything but also play remotely using my phone as an audio output zone. Disconnected, reconnected, rebooted my phone several times to see if it was just a chance occurrence, so far my phone has consistently showed up as an audio zone. Anyway, will continue to test and play around, but so far this method allows me to access my music remotely not using ARC.

tho upon digging someone also seem to got this to work back in '21 with L2TP/IPSec VPN

Hi, did you load Tailscale on Rock on the Nuc? Thanks

Simon you cannot load Tailscale onto Rock as it is a locked down appliance.
But you can put it on another device such as PC, Mac, Synology or QNAP and run it from there using Subnet routing.

Thanks Michael…I’ve downloaded it on my PC, Mac Mini and iPhone and they can all see each other but not sure what I need to do next?

Simon you only need it on one of them in reality, if you enable subnet routing (pick the device that is on all the time).

It’s a long time ago I did this (and still have it running) but it helped Arc work reliably for me at the time. I have left it on now for closed access to my LAN when away without port forwarding.
There are instructions in this thread or another on how to enable subnet routing. I will have a look for them now.

A word of warning it used to really drain my battery on my iPhone and Android phone pretty quickly.

Thanks…Ironically the only thing I have constantly on that could act as a subnet router is the Nuc…Arc actually works fine, I just want to use Roon in my work office without changing the core back and forth and losing my downloaded albums on Arc. I’m tempted to change the NUC back to running Windows instead of Rock and just having the Core sat on it, I’m not convinced I could hear any sonic benefits of using Rock over Windows anyway…Cheers

Hi Simon I did test running Roon on a spare Nuc I had at the time with Ubuntu and also installed Tailscale on that as well.

From memory though I don’t remember that I could play to my phone as an endpoint using Roon (I could wel be misremembering this though) as the phone is not a device on the local network so Roon didn’t see it.

I started using an old iPhone with a Dongle DAC into a Sonos line-in at the office and that worked great and I am still using that setup every day I am at the office

That’s exactly what I do with an older iphone and iFi Hip Dac but it looks a bit scruffy really . First world problems I guess…Thanks for your help on this

I do similar on a NUC running Roon on Ubuntu. I’ve used ZeroTier, not Tailscale.

A ZeroTier node can be identified as a “Bridge”. If you do this on the NUC/Roon node, Android devices, which are also connected to the same ZeroTier virtual network, can be used as Roon (or Roon Ready) devices. I do this with my FiiO M11 Plus when I’m outside of of my home network. It works very well. Unfortunately, iOS devices don’t work outside of the home network using this strategy.

Hi Joe,

How did you install Tailscale on ROCK? It’s so cut down that I can’t even get a Linux admin console open. I have ROCK installed on a NUC 10 and there is nothing else running there. Do I have to start over and install my favorite distribution (Ubuntu) first and then install ROCK there in some way?

Thanks,

D

Hey Dean,

My Roon server runs in docker on a Linux server which also has a Tailscale host running in another docker container. Not too familiar with the ROCK setup, but you should be able to run Tailscale on another device in the same LAN, and as long as subnet routing is enabled you should be able to access the ROCK Nuc’s IP via the shared subnet from a different network over Tailscale. I’m doubtful the Roon multicast/DNS/etc will like this, though haha.

The simplest / best bet would be installing something like Ubuntu on the Nuc and running Tailscale alongside ROCK. Reading the ROCK docs it seems like it’s supposed to be treated as a simple black box and not modified in any way.

Hope that helps! I’ve been enjoying my home Roon instance at work via the Mac client through Tailscale, and on the go on my iPhone via ARC without any issues

@Joe_Goldin How did you manage to make it work on MacOS? I have at home NUC using AudioLinux OS and running Roon, which acts as the core for me. I have installed Tailscale on AudioLinux and enabled it. Moreover, I installed Tailscale on my MacBook. But after enabling Tailscale on my Mac and after running Roon it still cannot find the core. Note that on my iPhone using RoonARC app works fine, but somehow the Roon app on MacOS cannot fine the core. Did you change some network settings on the Mac or added some additional configuration on your Roon core machine running Tailscale?