Use Airplay device (Apple TV) in different IP subnet (for example over VPN)


I would like to have Roon use an Apple TV as an audio output device via Airplay located on a different IP subnet.

I have set-up the Bonjour Proxy on the same system as the Roon core (OS X) using dns-sd for my remote Apple TV on the other IP subnet for the following services:


The remote Apple TV can be used as an Airplay output device from the OS X audio system without any problems - when I select the System Output in Roon and switch that via the OS X settings to the remote Apple TV Airplay device, audio is played on the remote Apple TV.

The Roon core does recognise the remote Apple TV and lists it as an available Airplay device in the audio settings, but unfortunately, the IP Address it displays is incorrect. Roon lists the IP address of the underlying system where the Roon core is running as the IP address of the Apple TV. When enabling and selecting the remote Apple TV within Roon directly, no audio is played.

Any ideas what could be the problem? Is there another Bonjour service which has to be defined? Or is this a “bug/feature” of Roon, not allowing Airplay devices in other IP subnets?

Any help/insights?



PS: For those interested, here is a document describing the dns-sd and how to proxy bonjour:

@mike, @Josep, just noticed your related topic Remote Control from another LAN

It seems like this is a known issue. Do you have any insights if and when this might get fixed? Or is there a workaround (other than using system output?).



I know some basic network administration info. I believe you may have to use NAT to translate an IP address on the same local subnet as the roon server to the remote IP address of your Apple TV on the other subnet and allow the ports used by Airplay to be forwarded from the local to the remote IP address.

I use pfsense at home and would configure this using virtual ips which would create the NAT rules automatically. It may be named similarly with you router/switch or it falls under the NAT configuration section.

Thank you for the additional info. But I am not sure I understand how NAT would help. It seems like Roon is somehow detecting the IP Address from where the Bonjour Broadcasts are sent in the local subnet (in my case the Bonjour Proxy) instead of using the IP Address in the remote subnet, which is included in the Bonjour Broadcast of the Bonjour Proxy.

Not sure if that matters, but the two subnets are connected via a VPN tunnel. Can you elaborate how NAT could help in ths scenario?

What I am suggesting is implementing parts of the first/checked answer, though the other answers may help, too:

1. You can forward multicast. It might be tricky though, but there are routers/firewalls capable of this. RTFM how exactly, but the idea is that you have to forward multicast traffic with destination address to another network and you have to do it without decrementing TTL.


There is one more (again theoretical though :wink: brute force option - create a DNS-SD entry for your router address as an Airplay receiver for the network with Airplay senders and forward (NAT) the UDP stream to the real Airplay receiver. But even with this there are some possibilities (for Apple engineers) to break it.

For other possibilities Google: airplay between subnets

In essence you are configuring your airplay receiver to masquerade as a local ip address to roon since the bonjour proxy doesn’t appear to work.

Subnet 1 (a.b.c.d.*)
Roon (a.b.c.1)
Subnet 2 (a.b.d.d)
Airplay Device (a.b.d.2)

Subnet 1 (a.b.c.d.*)
Roon (a.b.c.1)
Airplay Device (a.b.c.2) NATed to (a.b.d.2)
Subnet 2 (a.b.d.d)
Airplay Device (a.b.d.2)


I was able to get Roon Remote working between two subnets in the following scenario using 1:1 NAT on a pfsense firewall/router:

LAN - - Roon Server - AirPlay device - 1:1 NAT to on LAN2

LAN2 - - Roon Remote and Bridge - 1:1 NAT to on LAN1

I also had to add firewall rules to allow traffic from -> on ports UDP 9003 and TCP 9100-9200 -> on ports UDP 9003 and TCP 9100-9200

And add Virtual IPs for and (I’m not sure how you do this for non-pfSense router).

With this setup, I can play music on the AirPlay device via the laptop. Maybe you could do the following:

LAN - - Roon Server - Roon Remote - 1:1 NAT to on LAN2

LAN2 - - Airplay device - 1:1 NAT to on LAN1

I also had to add firewall rules to allow traffic from -> on the ports TCP 80, 443, 554, 3689, 5353 and UDP 554 -> on the ports TCP 80, 443, 554, 3689, 5353 and UDP 554

And add Virtual IPs for and (I’m not sure how you do this for non-pfSense router).

There may be other ports that need to be opened for AirPlay, but you’ll have to use wireshark or firewall logs to find out what is being blocked.



Although it is a old post, i have a similar problem here: roon core in one subnet and roon endpoints in another subnet. I also have a pfsense firewall, like you describe here. I made the NATs and the VIPs and there still is a problem: i open the roon player/endpoint which sees and connects with the roon core, but i don’t have the audio devices locally attached on the endpoint. in the list of audio devices , only the “connected to core” audio device appears, not the other ones that i have in my network with the endpoints.
Why? It sure must be a problem regarding the communication between the core and endpoints, but how, where?
Did you have the same?

If you look in the tinkering section of the forum there are many people discussing VPN access maybe one of the posts there might help?