VPN: step-by-step

Hi Hilton.
Did you put the step by step guide together in any form?
Please point me to it if you did.
Many thanks.

Hey @Max_Mackenzie,
Thanks for posting that info, I have a spare Raspberry Pi so I might try and give that a go. Could I trouble you for some more details to get me started?
I assume the RoonCore and Raspberry Pi are on the same subnet.
Which VPN protocol do you use from the iPhone to the Raspberry Pi?
Did you have to do port forwarding from your router to the Pi?
Any specific setting on the VPN to get Roon discoverable / the player working?
I am very keen to get this working after having no luck with the VPN server built into my router…
Thanks a lot.

Hi Guy, I used the site Softether.org

and the best is to go for a 16 GB flash card for the VPN server and a Raspi3 or Raspi4.
The core and Pi3 do not need to be on the same subnet - here I have two VLANs and the main thing is ROON core only advertises on ONE net, not multi - SO be sure the subnets are all accessible from both sides v.v. If not, you will see a connection to the core but NO data … popping up in the client. Indeed you need to forward several ports for ROON to the VPN server … these are UDP 500, 1701, 4500, TCP/UDP 9100-9200 and TCP 1723

Mind, installation of the VPN server is pretty straightforward, and the ports are not too difficult either, but make sure you set up IPsec L2TP, otherwise NO work :slight_smile:

For iPhone I use the regular VPN IPSEC

Hope it helps a little… regards,


And … the easiest way is to have it on the same subnet, Core and VPN - if you do not have mesh subnets… you are good to go - here I have a few roaming around and … this could be pesky when starting the router or DHCP


Easiest solution for laptop so far.


Hi @Max_Mackenzie,
OMG! It worked!!! I am beyond happy :slight_smile:
The setup was pretty straightforward.
I didn’t have to forward any of the ports you mentioned to get it to work… Is that because the VPN server is on the same subnet as the Core server?
I’ve tested it over 4G and it worked perfectly.
One odd thing: I have to disable WiFi for Roon to see the iPhone as an audio device. If I don’t, it just gets stuck trying to enable the audio device. Can you imagine why?
Thanks again for the tips. Much appreciated.

For anyone else who wants to give it a go, I did the following:

  1. Created an SD card image (standard Raspbian) with this app: https://www.raspberrypi.org/downloads/
  2. Booted the Pi with the SD card with a monitor, keyboard and mouse.
  3. Assigned the Pi a fixed IP (DHCP allocated)
  4. Updated all the software to the latest and enabled SSH and VNC from the menu
  5. Followed this video pretty much to the letter to set up SoftEther: https://www.youtube.com/watch?v=uOP7XyRweRw
  6. Port forwarded ports UDP 500 and 4500 to the VPN server.
  7. Set up an L2TP VPN on my iPhone. Notes on the fields:
    Server: You will need to have a static public IP or use a DNS service to map to your dynamic
    Account: will be your login name @ virtual hub name. So if your user is ‘fred’ and your virtual hub was ‘remote’, your login should be ‘fred@remote’
    Secret: is the IP pre-shared key from the IPSec/L2TP/EtherIP/L2TPv3 Server setting page on the SoftEther server
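
An added example, not part of the original posts: a check of a router's port-forward list against the two forwards used in step 6 above, flagging every other forward as exposure beyond the VPN. The rule notation follows the thread ("TCP/UDP 9100-9200"); the sample table and the function names are constructed for illustration.

```python
import re

# Forwards the L2TP/IPsec setup in step 6 worked with.
VPN_REQUIRED = {("udp", 500): "IKE", ("udp", 4500): "IPsec NAT-T"}

# Other ports named in the thread: (proto, low, high, what they carry).
KNOWN_EXTRA = [
    ("udp", 1701, 1701, "L2TP"),
    ("tcp", 1723, 1723, "PPTP control"),
    ("tcp", 9100, 9200, "Roon ports named in the thread"),
    ("udp", 9100, 9200, "Roon ports named in the thread"),
]

RULE = re.compile(r"^\s*(TCP/UDP|UDP/TCP|TCP|UDP)\s+(\d+)(?:\s*-\s*(\d+))?\s*$", re.I)


def parse_rule(text):
    """Turn 'TCP/UDP 9100-9200' into [(proto, low, high), ...]."""
    m = RULE.match(text)
    if not m:
        raise ValueError(f"unrecognised rule: {text!r}")
    low = int(m.group(2))
    high = int(m.group(3) or low)
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return [(p.lower(), low, high) for p in m.group(1).split("/")]


def audit(rules):
    """Return (missing, extra): required forwards that are absent, and
    forwards that open ports beyond the required set."""
    covered, extra = set(), []
    for text in rules:
        for proto, low, high in parse_rule(text):
            hits = {k for k in VPN_REQUIRED if k[0] == proto and low <= k[1] <= high}
            covered |= hits
            if high - low + 1 > len(hits):  # opens at least one non-VPN port
                why = next((d for p, a, b, d in KNOWN_EXTRA
                            if p == proto and low <= b and a <= high),
                           "not needed for the VPN")
                extra.append((proto, low, high, why))
    return sorted(set(VPN_REQUIRED) - covered), extra


if __name__ == "__main__":
    # Constructed forward table mixing both posters' port lists.
    table = ["UDP 500", "UDP 4500", "TCP/UDP 9100-9200", "TCP 1723"]
    missing, extra = audit(table)
    print("missing:", missing)
    for proto, low, high, why in extra:
        print(f"extra: {proto} {low}-{high} ({why})")
```
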



Good work Guy! Awesome!!! Disconnect WiFi: I assume that ROON is single point and gets confused with multipoint - here I run two VLANs and need to have two IPs, one for wired and one for WiFi, otherwise remotes do not see ROON, and the remotes are connecting to VLAN 2 but the Core is quietly running in VLAN 1

So I expect you are a happy camper now :wink: All the best. Regards, Max

Very happy indeed :slight_smile:

One thing I’d like to try is whether I can run from another house which has a LAN to LAN VPN. I do that at my dad’s house (and work). I wonder whether it’ll work off the WiFi there, connecting back to my place

Reason for no port forwarding means that all traffic to your LAN is without restrictions, meaning hacker and Trojan friendly… my advice is to block all unnecessary ports and use https, because one day you will be the lucky one who has to pay to decrypt your own data… it is just a warning :warning: Best regards, Max

Sorry, my mistake, I had opened the Roon ports previously on my server, trying to get the VPN working.
All my machines run Windows Firewall with the default settings. I only have the VPN and a couple of other external ports forwarded.
But I do only use one LAN (I don’t use VLANs).
Do you think running VLANs is worth it?
And when you say ‘use https’ at what point do you mean that should be used? Internally or externally?
Thanks, you’ve got me a bit worried now! :slight_smile:

Maybe it’s just my lack of knowledge but I’m running ExpressVPN on my Win10 Core through one server somewhere out there and on my iPhone 11 Pro Max, also running ExpressVPN but through a different server and everything works perfectly fine.


Hi Guy,

Just in short - just enough to relieve ;-)

HTTPS should be necessary when you run something like a website or public shares/directories on your own private local LAN; here you use in most cases port 443 or 445 for security and need a certificate of security.

If you do NOT service any type of that, then the most common ports should not be forwarded to an internal machine. By default all routers in combination with the ISP do have rules for what should or should not be done. If you have any doubt, just reset the router to factory default; mind the password!!! before doing so… Or better - make a router backup before resetting. (Check your ISP)

To LAN or VLAN … This depends on your traffic and management of the infrastructure of your situation.
Using VLAN can (mind the word can) bring some benefits in speed, and reductions of digital noise.

The last mentioned is advised when your situation heavily relies on data transport. Like our home infrastructure has Zwave plus, Zigbee, Sonos, digital TV, digital streams Tidal, ROON and Audirvana, and wireless 5G. And a lot more tiny things… but I stick to the “big consumer”.

I split the VLAN into 2 groups, VLAN1 and VLAN2.

VLAN1 for SmartHome Homey, digital TV and wireless 5G, MacOS server 5.7 FTP, WebDAV and websites.

VLAN2 just for audio (next setup will be digital TV changed to this group when entering our new apartment)

And then the VPN server, VLAN3, but this is an open connection to VLAN1; I was too lazy to … separate

The switch needs to be manageable, otherwise no possibility…

Hope it gives you a little insight have fun but overall ENJOY… walk with your HighRes headset in the park and listen to your favorites in sublime quality

Regards Max

I am curious as well. I have configured WireGuard on my Raspberry Pi and it is great, but I haven’t managed to use Roon from outside the local LAN (yet, hopefully!)
Maybe it is just a matter of forwarding some ports, maybe it is more complicated than that, or maybe it is completely impossible, for whatever reason. It would be good to know…

Did anyone try ZeroTier? (https://zerotier.com/)

I just installed it. Seems to work a lot better than the different VPN solutions I’ve tried till now. Will try streaming from my Roon core to my iPhone in the car later today.

Installed on Synology and iPhone. Both authorized but cannot load Core.

Did you try to restart the core after installing ZeroTier?

I did not. I will try that suggestion. Thank you

The steps I took to get ZeroTier to work:
Installed ZeroTier on the Windows computer running Roon core.
Created an account in ZeroTier
Created a network in ZeroTier
Connected the Windows computer to it by using the network ID (this I found counterintuitive; I assumed initially that the computer that I installed ZeroTier on would automatically be connected).
Connected the iPhone to the network ID
Then finally you need to authorize the two clients from the ZeroTier network provisioning web page by placing a checkmark in front of the two clients.

Then I did restart Roon, but I don’t think it is necessary.
What I do believe you need to do before starting Roon on your iPhone is to open a webpage to the server on which Roon is running. I have some other tools like Domoticz running on it, so opening a webpage from the phone to the IP address specified in ZeroTier for my server (so not the local LAN address) seems to “punch a hole” in the firewall of my router and allows Roon to connect from my iPhone using the 4G connection.

This is how I got it to work, been driving a couple of hours using Roon in my car without a problem using hi-res FLACs stored at home.


Running ZeroTier on the Synology and the iPhone but I cannot get the Roon Core To load on the phone. My LAN is 10.0.1.X and the iPhone, when connected gets an IP address from ZT of and the Synology has an IP of

Can’t figure out how to get the Core to load. I can however get the Roon webpage to load on the iPhone with the address
