· Do you have a mesh network? (Google Mesh, Eeros, Ubiquiti, etc.)
ARC Status
· ARC is *Not Ready*
Roon Error Code
· “Did not find UPnP service with WANIPConnection on network”
Have you successfully located and enabled the UPnP or NAT-PMP settings in your router's web UI?
· I've turned UPnP/ NAT-PMP on and ARC won't connect
Select the Diagnostic Keyword or Text String
· Something else
Don't give up yet.
· I'm stuck. I'd like to create a post to ask Roon Community for help.
Describe the issue
Hey folks, I am looking for some help as ARC has never worked for me. I can access ARC from the app on my home network but not outside of it. Equipment: M1 Mac mini running Tahoe 26.3.1 as my Roon server AT&T fiber using the modem only Router is TP-Link Deco BE3600 Arc is on an iPhone 16 Pro Max running iOS 25.5 This is the message I am getting on the ARC tab in setting { "ipv4_connectivity": {"status":"NetworkError","status_code":504,"error":"error code: 504"}, "external_ip": {"actual_external_ip":"162.aaa.bbb.ccc","actual_external_ipv6":"null","router_external_ip":"null"}, "natpmp_autoconfig": {"status":"NotFound"}, "upnp_autoconfig": {"status":"NotFound"}, "multinat_autoconfig": {"status":"Failed","error":"Router Control URL not found"} } I have port forwarded as well as reserved the ip address in the Deco app. I have also turned off private wifi addresses. I still get the error message. Please help.
Describe your network setup
ATT fiber Apple Mac mini running Tahoe 26.3.1 for my Roon server iPhone 16 promax running iOS 26.5 Both running on wifi
Thank you for your post. If you’ve created a manual rule, you can disable UPnP in the Deco router for now.
AT&T Fiber hasn’t commonly implemented CG-NAT that would block port forwarding, so it’s likely a question of verifying the following:
Double-check the AT&T gateway is in Bridge mode.
Double-check that the Mac has a DHCP reservation in the Deco app so the port forwarding rule will stick.
Verify the port number and IP in the manual rule still match those in Roon Settings → ARC.
I’d recommend recreating a rule to ensure all three conditions are met. Here’s a quick list of steps you can use:
Find your Mac Mini's local IP in System Settings → Network → your LAN adapter. Note it.
Give it a DHCP reservation in the Deco app (Advanced → DHCP Server or LAN settings or similar) so the IP doesn't change after the port forwarding rule is configured
Find the ARC port in Roon → Settings → Roon ARC.
Create a new port forwarding rule in the Deco app:
External port: that ARC port
Internal IP: your Mac mini's local IP
Internal port: same port
Protocol: TCP
Once saved, go back to Roon → Settings → Roon ARC and let it re-run the connectivity check.
AT&T gateway BGR320-500 - run IP passthrough and set it to DHCPS-fixed
manually added the Mac address of the Deco parent node
turned off both 2.4 and 5Ghz antennas on the gateway
Deco BE3600 - reserved ip address for Mac mini by going to more - advanced address reservation and selected the mini
set up port forwarding on the Deco BE360 by going to more - advanced - NAT forwarding - port forwarding - Roon arc - Service type custom - Service name Roon arc - Internal ip set yo my reserved ip for Mac mini - internal port set to 55002 (the port Roon says to use) - external port set to the same port number 55002 - protocol TCP
Thanks for the detailed breakdown of your setup. On paper, you have done everything exactly right.
The good news is that the AT&T IP starting with 162.x.x.x most likely a true public IP. This means we can rule out CG-NAT—your external traffic is reaching your AT&T gateway. Since the traffic is making it to your house, the block is happening somewhere inside the local network.
Let’s look at the two most common culprits in this specific topology:
“Phantom” Double NAT on the Deco
Sometimes, even after putting the AT&T BGW320 into IP Passthrough mode, the connected router fails to renew its IP lease. As a result, the Deco might still be sitting behind a local IP assigned by the AT&T gateway, rendering your port forwarding useless.
How to check: Open your Deco app, find your internet connection details (IPv4/WAN settings), and look at the WAN IP address.
What to do: If that IP is a local address (like 192.168.x.x or 10.x.x.x) instead of your public 162.x.x.x address, your Deco hasn't picked up the IP Passthrough yet. To fix this, completely unplug both the AT&T gateway and the Deco. Plug the AT&T gateway back in first, wait for it to fully boot and show a solid light, and then plug in the main Deco node. Check the app again to ensure the Deco has grabbed the public IP.
2. macOS Tahoe Firewall
Even if the Deco is flawlessly forwarding the traffic, the built-in firewall on your Mac mini might be silently dropping the incoming connection on port 55002 since it originates from outside your network.
How to check: On your Mac mini, go to System Settings -> Network -> Firewall.
What to do: Temporarily toggle the firewall completely off. Once disabled, go back to Roon -> Settings -> Roon ARC and click "Retry". If ARC connects successfully, you'll know this was the block. You can then turn the firewall back on and manually add Roon to the list of allowed incoming connections.
Give those two checks a try and let us know what you find!
Ok, so the IPV4 address from AT&T does not match the address reservation for the Mac mini. Is this what you were talking about in the previous message? Also the Mac mini firewall is already disabled.
Thanks for checking that! To clarify, it is completely normal that the AT&T IPv4 address does not match your Mac mini’s IP address. Your Mac mini is on your internal network, so it should have a local, private address (like 192.168.x.x).
Since your Mac’s firewall is disabled, we need to look at the routing path. In a setup like yours, ARC traffic has to successfully pass through up to three layers of Network Address Translation (NAT). If the “door” isn’t open at every layer, the connection fails.
Let’s figure out exactly which layer is blocking the connection by checking two things:
1. Layer 1: ISP CG-NAT Check Please go to a website like whatismyip.com from any device on your Wi-Fi. Look at the public IP it shows. Does it match the 162.x.x.x address you see in your AT&T settings?
If they do NOT match: Your ISP is using CG-NAT. Port forwarding won’t work because the block is happening at the provider level.
2. Layer 2: The “Double NAT” Check (AT&T vs. Deco) Open your Deco app and look for the Internet IP or WAN IP assigned to the Deco.
If the Deco shows a local IP (e.g., 192.168.1.x or 10.x.x.x): This means your AT&T gateway’s IP Passthrough is not working correctly. The AT&T box is still acting as a router, putting your Deco behind a second NAT layer.
If the Deco shows the public 162.x.x.x IP: IP Passthrough is working perfectly, and the issue is strictly inside the Deco’s port forwarding rules.
Next Steps: If your Deco is showing a private/local WAN IP, the port forwarding rule you created on the Deco is hitting a dead end at the AT&T gateway. You will either need to troubleshoot the IP Passthrough on the AT&T gateway so the Deco gets the public IP, OR you will need to set up a “double port forward” (Forward port 55002 on the AT&T gateway to the Deco’s WAN IP, and then forward 55002 on the Deco to the Mac mini).
Could you please check the WAN/Internet IP in your Deco app and let me know what it is (you can just tell me the first two numbers, e.g., 192.168 or 162.x)?
OK, so my “what’s my ip” address is showing 162.x. Under the internet connection tab in the deco it is showing 192.168.x. Furthermore, under internet settings my ip type is listed as dynamic, the DNS is set to auto and the MTU size is set to 1500 bytes. This is all under ipv4 btw.
I attempted the double port forwarding by going into the AT&T gateway - Firewall - NAT/Gaming and added a custom service.
The following info was added: Name - Roon, Global Port Range - I was unsure so I just added 55002 into both fields, Protocol - TCP/UDP, Base Host Port - 55002.
That also had no effect and left me with the same error message in Roon Arc.
Just checking in on this. Were you able to re-check the manual port forwarding rules in Roon, the Deco, and the AT&T router, then reboot both routers? If that still leaves the diagnostic unchanged, we can also try a different port like 56000 or 59000 and confirm UPnP/NAT-PMP are turned off while the manual rule is in place. Let us know what you see in Roon Settings, thanks.