So as a networking / systems engineer it really annoyed me that Roon wasn’t reachable between subnets. I won’t go into why I need multiple VLANs at home, but it is what it is. I just got it working and it seems stable so far, and a quick search in the forums makes me think I’m the only person to document this solution. As always, YMMV.
Anyways, my config:
Internet <-> pfSense <-> Multiple /24 network segments
My Roon core is 172.16.1.100 where my laptop moves between the 172.16.1.0/24 network (works fine as you’d expect) and 172.16.2.0/24 network (unable to locate the Roon core).
The challenge is that Roon does discovery on UDP/9003 which is sent out the local broadcast address (172.16.1.255 or 172.16.2.255 depending on what network). IMHO, Roon should be using multicast for this since that is routable (mDNS anyone?), but whatever.
The problem is, even if you forward these packets from one subnet to another, you also have to modify the destination IP address since a host on 172.16.1.0/24 will ignore traffic destined to 172.16.2.255 even if it lands on the network card.
Anyways, this solution should work for anyone who can figure out how to compile a simple C program for their router/firewall. For my pfSense box, that means FreeBSD/x86_64. I haven’t tried, but in theory it should work for all you Ubiquiti people (Linux/MIPS64) but you’ll need to cross-compile for the MIPS64 architecture.
That said this is what you need to download & compile: https://github.com/udp-redux/udp-broadcast-relay-redux
It’s actually a really simple program which listens to UDP broadcasts on certain interfaces and does the necessary forwarding & rewriting of the destination IP for the other interfaces. For me that meant running:
udp-broadcast-relay-redux --id 1 --port 9003 --dev lagg0 --dev lagg0.200
because lagg0 and lagg0.200 are my network interfaces; you’re probably using different names. Definitely check out the docs for the program. If you have other VLANs and you don’t want them visible to Roon (like my VLAN 300 which I have for IoT devices) then don’t list them.
What this means is that when my laptop (172.16.2.109) sends a udp/9003 packet to 172.16.2.255, udp-broadcast-relay-redux sees the packet on the lagg0.200 interface, changes the destination IP to 172.16.1.255 and sends it out lagg0 where my Roon core lives. The opposite happens when the Roon core (172.16.1.100) sends to 172.16.1.255; now my Roon app on the laptop sees it.
I’ve tested and I can even control other zones on the 172.16.1.0/24 network from my laptop.
Anyways, in theory this should also be workable for talking to their Roon while on the road over a VPN. In theory, you shouldn’t need to require an L2 VPN; a more traditional L3 VPN would work if you make sure to specify the appropriate VPN tunnel interface on the firewall. But I haven’t tested that either (definitely on my list though).
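
The rewrite described above can be checked on paper before the relay is allowed to bridge two segments. The following is an added example, not part of the original post and not code from udp-broadcast-relay-redux: a simplified C model of the decision, showing which broadcasts cross and what destination they leave with. The router addresses (.1) and the 172.16.3.0/24 range used for the unlisted IoT VLAN are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the post's relay: only interfaces passed with --dev.
 * The .1 router addresses are assumptions; the IoT VLAN is not listed. */
struct iface { const char *name; const char *addr; int prefix; };
static const struct iface devs[] = {
    { "lagg0",     "172.16.1.1", 24 },
    { "lagg0.200", "172.16.2.1", 24 },
};
enum { NDEVS = sizeof devs / sizeof devs[0] };

static uint32_t ip4(const char *s) {
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1 ? ntohl(a.s_addr) : 0;
}
static uint32_t mask(const struct iface *d) {
    return d->prefix ? 0xFFFFFFFFu << (32 - d->prefix) : 0;
}
static uint32_t bcast(const struct iface *d) { return ip4(d->addr) | ~mask(d); }

/* Returns 1 and writes the rewritten destination to buf when a datagram
 * src -> dst would be relayed out of out_if; returns 0 when it is dropped. */
int rewritten_dst(const char *src, const char *dst, const char *out_if,
                  char *buf, socklen_t len) {
    const struct iface *in = NULL, *out = NULL;
    for (int i = 0; i < NDEVS; i++) {
        if ((ip4(src) & mask(&devs[i])) == (ip4(devs[i].addr) & mask(&devs[i])))
            in = &devs[i];                      /* sender's segment is listed */
        if (strcmp(devs[i].name, out_if) == 0)
            out = &devs[i];                     /* egress was given as --dev */
    }
    if (!in || !out || in == out) return 0;     /* unlisted VLAN or same segment */
    if (ip4(dst) != bcast(in)) return 0;        /* not the segment's broadcast */
    struct in_addr a = { .s_addr = htonl(bcast(out)) };
    return inet_ntop(AF_INET, &a, buf, len) != NULL;
}

int main(void) {
    char buf[INET_ADDRSTRLEN];
    if (rewritten_dst("172.16.2.109", "172.16.2.255", "lagg0", buf, sizeof buf))
        printf("laptop -> lagg0: %s\n", buf);
    if (!rewritten_dst("172.16.3.50", "172.16.3.255", "lagg0", buf, sizeof buf))
        puts("unlisted segment: not relayed");
    return 0;
}
```

Every interface added to the table is another segment that receives and can answer udp/9003 discovery, so the list doubles as the statement of which VLANs are allowed to see the Roon core.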