I have changed my ISP to Gigaclear who have provided a Linksys MX5500 router/mesh system. Roon operates fine, but I cannot access ARC. I have followed the online help and suggestions and tried the following. I have ensured upnp is active and I have tried disabling it, reactivating it, and restarting the router. This does not solve the connection issue. I have created a port forwarding rule for Roon ROCK, restarted the system and tested again, but Roon still states ARC is not ready and was unable to securely access the Roon server. I have also temporarily disabled the ipv4 and ipv6 firewalls, but again this does not allow access to the Roon server. The below is the information given in the diagnostics data box: { "ipv4_connectivity": {"status":"NetworkError","status_code":504,"error":"error: Error: ETIMEDOUT, response code: undefined, body: undefined connected? undefined"}, "external_ip": {"actual_external_ip":"194.aaa.bbb.ccc","actual_external_ipv6":"null","router_external_ip":"null"}, "natpmp_autoconfig": {"status":"NotFound"}, "upnp_autoconfig": {"server_ip":"192.168.1.1","found_upnp":true,"error":"
s:Client UPnPError
501 PAL_UPNP_SOAP_E_ACTION_FAILED
"} }
Any assistance you could provide would be much appreciated.
It looks like, for some reason the uPnP request to setup the Port Forwarding in the Linksys router is failing for some reason.
It may be that the port being requested is already in use. You could try changing the port used by ARC to something like 55500 (more or less anything in the range 1025 to 65535). See Roon->Settings->ARC.
If this does not help, you could try setting up a manual port forwarding rule in the Linksys router to forward all connection on the ARC port to the Roon Server ip address.
If you do this, and it works, then:
If you are not using uPnP for anythingyou should consider disabling it.
You should probably consider setting up an ip address reservation for your Roon Server in the DHCP settings of your Linksys Router so that the ip address allocated to the Roon Server does not change.
Note: I prefer using DHCP reservations over a true static ip address (which would achieve the result as far as the port forwarding rule was concerned) because it makes changing the LAN subnet configuration ( as may happen, for example, when swapping a router for one supplied by a new ISP) simpler.
Thanks for your suggestions. I have set up a manual port forwarding rule for the ROCK and I have now tried various different port numbers in that range, but unfortunately to no avail. I have also reserved the IP address for the ROCK in the router configuration, but this doesn’t seem to be the issue either. For the time being I am leaving uPnP switched on - I assume this should not interfere with any manual settings I have setup?
With the manual port forwarding rule in place, can you:
Try turning off uPnP and see if that works (It should make no difference - but it’s always wise to elliminate possibilities).
Post the Arc connectivity diagnostic text here.
Finally, you say your ISP is Gigaclear. Is this in the UK? If so, whilst they originally gave out standard ipv4 ip addresses over DHCP, it appears that they may be introducing CG-NAT - at least for some customers. See the third post in this conversation thread:
The external ipv4 address reported in your original post (194.aaa.bbb.ccc) does not appear to be in the range normally associated with CG-NAT so you may be OK but if the diagnostic text now refers to 'MultipleNatFound, then this may be an indication that Gigaclear is using CG-NAT to issue you with an ip address.
If Gigaclear are using CG-NAT to issue you with an ip address, then you will need to contact them explaining that you are running an internet facing server which needs to be able to support incomming connections. They may then be able to change your account to use an ip address from a non-CG-NAT pool or even issue you with a static ip address.
I’ve now had a chance to have a further look at this. I have tried disabling uPnP, but no change.
I’ve had a read through the link you kindly provided, but I’m afraid that’s all a bit over my head, I don’t really understand most of it.
What I can say is that DHCP is enabled, uPnP on or off doesn’t seem to solve the issue and I have tried setting different ports to allow access, but this also doesnt help.
After your mention of cg-Nat, I noticed that under ’Advanced routing’ in the router settings there are options for NAT and Dynamic Routing (RIP). This is set to NAT. I tried dynamic routing but then I lost internet access. Could this suggest Gigaclear could be using cg-Nat?
Anyway, this is the ARC connectivity diagnostic as it stands:
As I said in my post above, the diagnostic text does not seem to indicate an issue with Multiple Nat. You router is obviously using NAT - this is as it should be. But there is no direct evidence that your ISP is using CG-NAT. That was just one thing that you could investigate. You will sometimes not be able to tell if your ISP is using CG-NAT. The only indication that usually (but not always) occurs is if your routers WAN ip address is in the range 100.64.0.0 to 100.127.255.255 which yours does not appear to be.
The diagnostic text above seems to indicate that your router does not like the uPnP request from Roon Server. This is not unknown.
Your best best is to turn off uPnP (in your router settings) and then add a port forwarding rule manually.
Ok, thanks to your help and having dived deeper into the advanced router settings I think I may have found the issue. You say that an indication that my ISP is using cg-Nat is when the IP address is in the range 100.64.0.0 to 100.127.255.255. I have just found, deep within the settings for conducting diagnostic checks on the connection, a box headed ‘Trace Route’. Under this it shows an IPv4 address of 100.64.. The stars here represent a number which I’m obviously just not publishing here. There is also a section for IPv6, but that is blank. From the information you’ve provided, it looks like my ISP could be using cg-Nat, so I will get in touch with them and see if I can get this resolved. I will explain the issue and ask that they provide an internet facing server which needs to be able to support incoming connections, and see what they say.
Thank you so much for your help and valuable advice, it’s much appreciated. I’ll update here when I know more.
Just had a live chat with Gigaclear, who confirm I am on CG-NAT. They state they can provide me with a static IP address, but I am a little concerned this is more of a security risk. Just wondering if others have had to opt for static addresses and what, if anything, can be done to minimise any additional risk? I’m not sure I want to risk going static unless there is something else I can do to mitigate the risks.
I suppose, in principle, a static ipv4 address does degrade security to a small degree - but not, IMHO, to the degree that you need to worry about it.
The big increase in risk is that, should a bad agent discover a weakness in security, they will be able to exploit it indefinitely (or at least until you fix the weakness) where as with a dynamic ip address, a change in WAN side ip address hides the issue again (at least until it is re-found).
It should also be noted that different ISP’s implement dynamic ip addresses in different ways. When I was with Virgin Media in the UK, on a couple of occaisions I retained the same ip address for more than a year. Now I am with BT, it seams that my ip address changes every time I reboot my router (and sometimes more frequently). I would contend, that the stable dynamic ip address that I had with VM does not offer a significant security advantage over a static ip address.
In either case, good security practices (both in the admin of the router and user practices) are most important.
