VPN: step-by-step

Hi @Max_Mackenzie,
OMG! it worked!!! I am beyond happy :slight_smile:
The setup was pretty straight forward.
I didn’t have to forward any of the ports you mentioned to get it to work… Is that becuase the VPN server is on the same subnet as the Core server?
I’ve tested it over 4G and it worked perfectly.
One odd thing, I have to disable WIFI for roon to see the iPhone as an audio device. If I don’t it just get stuck trying to enable the audio device. Can you imagine why?
Thanks again for the tips. much appreciated.

For anyone else who wants to give it a go. I did the following:

  1. Create an SD card image (standard Raspian) with this app: https://www.raspberrypi.org/downloads/
  2. Booted the Pi with the sd card with a montior, keyboard and mouse.
  3. Assigned the Pi a fixed ip (DHCP allocated)
  4. Updated all the software to the latest and enabled SSH and VNC from the menu
  5. Followed this video pretty much to the letter to setup SoftEther: https://www.youtube.com/watch?v=uOP7XyRweRw
  6. Port forwarded ports UDP 500 and 4500 to the VPN server.
  7. Setup an L2TP vpn on my iphone. notes on the fields:
    Server: You will need to have a Static public IP or use a DNS service to map to your dynamic
    Account: will be the you login name @ Virtual hub name. So if you user is ‘fred’ and your virtual hub was ‘remote’, your login should be ‘fred@remote’
    Secret: is the IP pre-shared key from the IPSec/L2TP/EtherIP/L2TPv3 Sever setting page on softether server



Good work Guy! Awesome !!! Disconnect WiFi I assume that ROON is single point and get confused with multipoint - here I run two VLAN and need to have two IP’s one for wired and one for WiFi otherwise remotes do not see ROON and the remotes are connecting to VLAN 2 But the Core is quietly running in VLAN 1

So I expect you are a happy camper now :wink: all the best Regards Max

Very happy indeed :slight_smile:

One thing I’d like to try is whether I can run from another house which has a LAN to LAN VPN. I do that at my dad’s house (and work). I wonder whether it’l work off the WIFI there connecting back to my place

Reason for no port forwarding means that all traffic to your lan is without restrictions meaning hacker and Trojan friendly… my advise is to block
All unnecessary ports and use https because one day you will be the lucky one who has to pay to decrypt your own data… it is just a warning :warning: best regards Max

Sorry, my mistake, I had opened the roon ports previous on my server trying, trying to get the VPN working.
All my machine run windows firewall with the default settings. I only have the VPN and a couple of other external ports forwarded.
But I do only use one LAN (i don’t use VLANS).
Do you think running VLANs is worth it?
And when you say ‘use https’ at what point do you mean that should be used? Internally or externally?
Thanks, you’ve got me a bit worried now! :slight_smile:

Maybe it’s just my lack of knowledge but I’m running ExpressVPN on my Win10 Core through one server somewhere out there and on my iPhone 11 Pro Max, also running ExpressVPN but through a different server and everything woks perfectly fine.

1 Like

Hi Guy,

Just in short - just enough to relief;-)

Https should be necessary when you run something like a website or public shares/ directory’s on your own privat local LAN here you use in most cases port 443 or 445 for security and need a certificate of security.

If you do NOT service any type of that than the most common ports should not be forwarded to an internal machine. By default all routers In combination with the ISP do have Rules what should or not should be done. If you have any doubt just reset the router to factory’s default, mind the password!!! Before doing so… Or better - make a router backup before resetting. (Check your ISP)

To LAN or VLAN … This depends on your traffic and management of the infrastructure of your situation.
Using VLAN can mind the word can bring some benefits in speed. And reductions of digital noise.

Last mentioned is advised to do when your situation heavily relies on datatransport. Like our home infrastructure has Zwave plus, Zigbee, Sonos, digital TV, digital Streams Tidal, ROON and Audirvana And Wireless 5G. And lot of more tiny thinks… but i stick to the “big consumer”.

I split the VLAN into 2 groups VLAN1 and VLAN2 VLAN1
for SmartHome Homey, digital TV and wireless 5G, MacOS server 5.7 FTP, WebDAV and websites.

VLAN2 just for audio (Next setup will be digital TV changed to this group when entering our new appartement)

And than the VPN server VLAN3 but this is an open connection to VLAN1 I was to lazy to … separate

The switch needs to be manageable otherwise no possibility…

Hope it gives you a little insight have fun but overall ENJOY… walk with your HighRes headset in the park and listen to your favorites in sublime quality

Regards Max

I am curious as well. I have configured wireguard on my raspberry pi and it is great, but I haven’t managed to use Roon from outside the local LAN (yet, hopefully!)
Maybe it is just matter of forwarding some ports, maybe it is more complicated than that, or maybe it is completely impossible, for whatever reason. It would be good to know…

Did anyone try ZeroTier? (https://zerotier.com/)

I just installed it. Seems to work a lot better than the different VPN solutions Ive tried till now. Will try streaming from my roon core to my iphone in the car later today.

Installed on Synology and iPhone. Both Authorized but cannot load Core.

Did you try to restart the core, after installing zerotier?

I did not. I will try that suggestion. Thank you

The steps I took to get zerotier to work:
Installed ZeroTier on the windows computer running roon core.
Created an account in zerotier
Created a network in zerotier
Connected the windows computer to it by using the network ID (this I found counter intuitive, I assumed initially that the computer that I installed zero tier on would automatically be connected.
Connected the iphone to the network ID
Then finally you need to authorize the two clients from zerotier network provisioning web page by placing a checkmark in front of the two clietns.

Then I did restart Roon, but I dont think it is necessary.
What I do believe you need to do before starting Roon on your Iphone is to open a webpage to the server on which roon is running. I have some other tools like domoticz running on it, so opening a webpage from the phone to the ip address specified in zero tier for my server (so not the local LAN address) seems to “punch a hole” in the firewall of my router and allows roon to connect from my iphone using the 4G connection.

This is how I got it to work, been driving a couple of hours using Roon in my car without a problem using hi-res FLACs stored at home.

1 Like

Running ZeroTier on the Synology and the iPhone but I cannot get the Roon Core To load on the phone. My LAN is 10.0.1.X and the iPhone, when connected gets an IP address from ZT of and the Synology has an IP of

Can’t figure out how to get the Core to load. I can however get the Roon webpage to load on the iPhone with the address

1 Like

Listening to my home Roon via a Layer 2 VPN, aka TAP, on both my android phone via Verizon LTE and Win10 Laptop (also Verizon LTE tethered).

Sadly: it only works for a moment and buffers out after 3-30 seconds. I believe this is due to latency in the connection. Here’s the how-to post I made. Enjoy!

I use zerotier at work and it works great.
But it doesn’t work on the Iphone. On the iphone only get de roon display. http://172.25.xxx.xxx:9100/display

1 Like

Rainy day with covid restrictions. Being playing with softether and a couple of Pi4s. I really struggle with terminal as a Linux novice but managed to get the Softether VPN server up and running using raspbian gui .

I have a 4g router for the motorhome but my 4g network signal at home is very poor so my successes have been somewhat limited by frequent dropouts on the softether vpn client. The Softether client has been installed on another Pi4 again running Raspbian along with a HifiBerry Dac+. A bit of a faff getting a routed Ipv4 lan address but that’s down to my ignorance but we got there. Yes when it’s connected to the VPN server I can see the Dac+ via my Roon core and play music for a little while. I must try swapping sims with my phone

My Pixel 4 XL apart from the sample rate conversion seems to work fine with Roon via Softether VPN but that has a consistently better 4g connection

Apologies for the x-post but this step-by-step answers the OP’s question.

Is there a step missing above to bridge the 2 networks (presumably on the windows computer) so the remote iPhone can see the core? Did you have to tweak any default ZeroTier settings? I have a very similar setup as yours and followed your steps (thanks!) but Roon on the phone couldn’t connect in the end.

I should add that my networking background is VERY limited :slight_smile: