Windows Server 2019/VPN Access/Sonos System/Roon System

I am having an interesting problem I am not able to resolve. I recently set up VPN on my Windows Server 2019, which also runs Roon Core. I have had no issues running a 5 node Sonos network which all are connected to my mesh network. Roon easily controlled all. After installing VPN on server (which has an internal and external interface) Roon will not control any Sonos device (even though they are all present on Roon). I get a “Roon lost control of an audio device” message. On Sonos, I can run a file from my drive to Sonos device and it works. If you attempt to use the Roon stream file on Sonos, I get a message “Unable to play xxx.flac and unable to connect to (External interface IP:3000)”. Oddly enough, this also is coincident with a database update to Roon. No routing changes were implemented. Why would I get an error message connected with my external interface? Any ideas are greatly appreciated.

They changed the ports in the latest set of releases. If you’re trying to reach Sonos or any UPnP devices, you’ll need to make sure that they are open.

I think that the following post has the right ones now, though it’s from a thread about Linux… you can search for recent posts about changes to firewall ports to open if this isn’t right.

I have tried setting up unique firewall rules for the ports mentioned above. There was no change in the behavior described before. This seems like redundancy since the firewall rules are already open for RAATServer, RoonAppliance and RoonServer (both UDP and TCP any port). Are there any troubleshooting tools for determination of control paths? I have also attempted complete removal of core software and reinstallation with no success.

I forgot to add I also have a squeezebox, which can be controlled via Roon. I am beginning to think there is some blocking from Sonos (as if Roon can’t control Sonos, even though all 5 units show up under Roon).

Does your Roon system work if you disable/deactivate/uninstall your VPN?

Yes, first thing I tried.

“Yes” means it works without VPN?

Sorry, should have been more explicit. I removed VPN settings (disabled). Interfaces still existed (Internal and External, as this has been working for months like this). On WS2019 disabled Routing and Remote Access. I still have no control over SONOS devices from Roon.

I don’t know how packets should travel through the new VPN without changing the path they (or at least some of them) take. Even without configuring your PC to act as a router there is a routing table that determines the path packets should travel. For Roon and possibly SONOS too, there are device detection protocols in place (multicast, ?broadcast?), maybe multicast is even used for streaming. You may run into various issues here. Multiple routes may have become available, or at least this is what devices may think, but multicast routing usually needs additional steps/software to be correctly configured to work. Packets that are sent through the wrong interface (also look at the Spanning Tree Protocol that is possibly active on your switch), switches that still remember the old ARP information after you made changes to your configuration on the PC, …

A reboot of all the components may help to force the changed situation to be respected by all devices. Also writing in more detail about your network setup and devices as well as the VPN solution you use might help. Other users that also use or used the same VPN solution and/or a similar setup might chime in and share their experience.
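
The routing-table point in the last reply, as an added example that is not part of the thread: a simplified model of route selection on a dual-homed host (longest matching prefix first, then lowest combined metric). All addresses, interface names and metrics are constructed, not taken from the poster's server; 239.255.255.250 is the UPnP/SSDP discovery group.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    prefix: str        # destination prefix in CIDR form
    interface: str     # interface the route sends packets out of
    route_metric: int
    if_metric: int     # interface metric, added to the route metric

def select_route(table: list, destination: str) -> Optional[Route]:
    """Longest matching prefix wins; ties go to the lowest combined metric."""
    dest = ipaddress.ip_address(destination)
    matches = [r for r in table if dest in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                       r.route_metric + r.if_metric))

def build_table(internal_metric: int, external_metric: int) -> list:
    # Constructed table for a host with an "Internal" and an "External" NIC.
    # Each interface carries its own on-link multicast route (224.0.0.0/4),
    # so multicast has two equally specific candidates.
    return [
        Route("0.0.0.0/0", "External", 0, external_metric),
        Route("203.0.113.0/24", "External", 0, external_metric),
        Route("192.168.1.0/24", "Internal", 0, internal_metric),
        Route("224.0.0.0/4", "Internal", 0, internal_metric),
        Route("224.0.0.0/4", "External", 0, external_metric),
    ]

SONOS_UNICAST = "192.168.1.50"      # constructed address of a LAN player
SSDP_MULTICAST = "239.255.255.250"  # UPnP/SSDP discovery group

def egress(table: list, destination: str) -> Optional[str]:
    """Name of the interface a packet to `destination` would leave from."""
    route = select_route(table, destination)
    return route.interface if route else None

if __name__ == "__main__":
    for label, table in (("internal preferred", build_table(10, 25)),
                         ("external preferred", build_table(25, 10))):
        print(label,
              "| unicast ->", egress(table, SONOS_UNICAST),
              "| multicast ->", egress(table, SSDP_MULTICAST))
```

In this model unicast to the LAN player always leaves through the internal interface because the /24 is the most specific match, while multicast follows whichever interface has the lower metric, so a metric change alone can move discovery traffic to the other NIC.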