VPN: step-by-step

Maybe ROON could just get their act together and build in remote access similar to plex by default in their software. It would be so easy to implement.

This is literally the most talked about topic on here and the biggest hurdle for any new roon users. They think

“Wait… your telling me to spend money on software that also requires money on an ADDITIONAL streaming platform?”

So many of my friends have tried roon and just uninstalled it once they realise they cant use a single app across all devices remote or local. It’s really silly in the day and age of streaming.


So I’ve got ZeroTier running successfully on my Synology and iPhone. Of course, I don’t have remote connectivity to Roon.

Is there any port forwarding rules that I am missing that will allow my iPhone running Room to see my local network with VPN on?

Hi Hilton,
A newbie here…was reading posts re Roon VPN and came at yours.
Can you please guide me for VPN setup?
I got following set up,
HPE ProLiant MicroServer Gen8 running WIN 10 ( connected with LAN Cable to the modem/router, Plex and Roon Core on this machine)
Raspberry Pi 3B/HifiBerry DAC+( connected with wifi, running Ro Pieee XL)

Is there a way around port forwarding 500 and 4500?

I use a Unifi Security Gateway with an LT2P VPN, when you try and port forward 500 or 4500 you get the error: “Port forward conflicts with IPsec (ports 500 and 4500)”

So i seem a bit stuck?

I finally got my Roon streaming through vpn working.

do NOT use the ios build in vpn client,try other vpn client app,for example,OpenVPN Connect.

1 Like

That would be interesting for me, too.
I managed to set up a VPN via my Fritz!box 7590. Everything works perfectly respectively I can access like at home (including my DiskStation). Only the Roon app on my MacBook does not find my Roon Core on my DiskStation via VPN.
Is there anything I can do / change?

1 Like

There is a very well done step by step guide by Aaron in another tread:

With his help to change something in his nice tool, I managed to have everything working using WireGuard on a Raspberry Pi. Lean, quick, stable, no problem at all so far.

Not sure if it fits your needs, but it worked great for me. By the way, I had setup WireGuard in any case, Aaron helped me to have Roon core in my local network visible from devices connected via VPN from outside.

There is another tread explaining in details how to setup WireGuard on a gateway, if it might help:

Hi Toni,
Sorry about late reply.
Can you check if you are using L2TP/IPsecPSK protocol and also enabled IpSec pre-shared key?


Thanks for posting this. I was able to get this working using Softether also. I installed it on my Windows PC, and was able to play through my iPhone from my core on my Mac Mini while away from home.

Roon core running on QNAP as is OpenVPN server. I can VPN from my phone (S20) and play Roon to my phones output while out and about (Yay!). But the thing that I can’t figure out is why I can’t VPN in from my (Win10) laptop and play to it’s audio output? I can connect to the core and browse albums, but the laptop is not available as an audio output device. It is available when at home and connected to local network, just not when I VPN in. Anyone have any suggestions?

I tried this but still can’t play to my laptop’s audio while VPN’d in.

I can connect to the Core and control all of the endpoints on my LAN though. My setup is:

Roon Core and Open VPN both running on QNAP NAS -

LAN: 192.168.0.x with a mask of (Configured on router)
If I understand correctly, this makes the list of valid ip’s -

QVPN ip pool: -

Laptop is getting with a mask of

What am I missing? Need to adjust the masks somehow?

Not sure if you have the same problem as I had have … my ISP dhcp start on 192.168.1.x and I use SoftEtherVPN server - when outside I manage to use my iPhone as Roon endpoint, wherever I go on 4G or WiFi, but as soon I entered my Son condo hooked up to his WiFi, I could see all Roon endpoints but NOT my iPhone … duh! It turned out he has the same range 192.168.1.x and indeed the same ISP. So I changed my own DHCP range to 192.168.51.x and all gone! Works like a charm


I managed to get Roon running over VPN using the VPN-services of my Asus Router (RT-AX88U), but its been mercurial at best.

here’s what I did

  1. set up an IPSEC server using my Public IP
  2. Forwarded ports 9100:9200 and 9003 to the IP Address of the My Rock Server
  3. Set up a user ID, password and PSK and configured the same in my iphone vpn settings.
  4. changed the VPN clients ip setting for 192.168.1.x (the Router serves 192.168.0.x)
  5. set up a static route to 192.168.1.x

It works, very temperamentally. Most times Roon comes up, without the phone showing up as an endpoint. a reboot, normally ends up getting the Iphone to show up as an end point (and I managed to connect it to my car… see below)

but this is temporary and not truly repeatable. I am sure I am missing something so any insight would be very welcome.

I will be trying a rpi based Softether and wireguard server. Lets see what works better (or at all). but if I could get my asus router going with some reasonable tweaks that would be best.

since I (happily) run a ROCK, some of the options used by others to get remote access going are unavailable to me

thank you

I just went into my VPN client and set up a split tunnel and selected the Roon Core 192.168.x.x to bypass the VPN. Works great.

@Kevin_Owen I’m trying the split tunnel VPN option but how are you “selecting the Roon Core 192.168.x.x to bypass the VPN”?

I use PIA for my vpn and it allows me to choose which programs to bypass and use the non-restricted tunnel

These steps worked first time for me. My Roon server is running on a Win 10 PC. Library is Synology NAS. Phone is Android Pixel 4 XL

My only question is all my traffic going through Zerotier or just the Roon network requests? The Zerotier Android app is pretty bare bones.

Basic step-by-step instructions to let you remotely connect to your Roon home network via VPN, and to stream music from there directly to your remote device:

  1. Get a Synology RT2600ac or similar router compatible with Synology VPN Plus Server technology.

  2. Replace current router of your home network (where Roon core device resides) with the Synology router. (RT2600ac is a surprisingly “plug-n-play” router but this all depends on your particular setup obviously.)

  3. Access the Synology router web administration interface, and install the “VPN Plus Server” package within the interface. (If you are asked to let related ports be automatically allowed/opened/forwarded, confirm the action. No further port forwarding is needed later-on.)

  4. Navigate to the installed VPN Plus Server app, go to “Synology VPN” section and “SSL VPN” tab, and “Enable Synology SSL VPN”:

    NOTE: “Local Network” must be selected as highlighted, otherwise you won’t be able to see your remote device listed as an available endpoint later-on once you connect to Roon core via VPN .

  5. Download and install Synology “VPN Plus” app to your remote device, to be used as a VPN client for connecting to your home network. Connect by entering the following:
    Domain name or IP: Copy/paste the address shown to you in step 4), as highlighted in yellow.
    Account: username used for login to your Synology router web administration interface
    Password: password used for login to your Synology router web administration interface

    NOTE: The screenshots are taken from my Motorola G7 Power android phone.

  6. Open Roon in your remote device… and enjoy!

I really enjoy being able to remotely browse through my collection with all the powerful tools Roon has. On top of that, from time to time, it is nice to play something from my collection when away from home.


  • My Roon core is running on a Windows 10 laptop connected to the Synology router via ethernet cable.
  • While I’ve tried some more standard VPN methods (PPTP and L2TP), they didn’t do for me due to the following: Roon didn’t list my remote device as an available endpoint (despite spending hours with port forwarding and other tweaks) + stability of VPN connection was significantly worse compared to the Synology VPN Plus method.
  • During step 4), “Security level” and related selections are up to you - you can go with the default just fine.
  • During step 4), do not “Enable split tunneling” unless you are ready for potential problems to handle. If you want to go this way (it might be helpful if your remote device does other networking activities unrelated to Roon), you would probably need to find out and define additional “Object” ( = IP subnet/range) to include in the tunneling, to ensure all the traffic needed for Roon to function correctly via VPN is truly passed through the VPN.
  • Applying typical tweaks for Roon (enabling IGMP snooping/proxy, configuring Google DNS instead of your default one, …) might be helpful here as well.
  • There could be many issues preventing this solution to work in a stable way: home internet connection not having enough upload speed, mobile/remote internet connection quality, remote device not fast/robust enough to handle the VPN traffic along with all its other typical tasks, etc. In my case, the mobile internet connection has been the main bottleneck so far, as the VPN playback has been working really well when I connected with my remote device from another city via wifi. (I had a smartphone and a tablet connected and playing different music simultaneously via VPN just fine!) Split tunneling seems to be helpful for mobile but see above.

if you are still interested … i have written a full Proof step-by-step tutorial. What is needed, a RaspberryPi 3 or 4 and SoftetherServerSoftware. I hope you are still a ROON user and love it as we all do Regards, Max