Hi
Have finally scratched an itch and got Roon running in ‘road warrior’ mode with Wireguard. This means I don’t have to do any port forwarding or run open ports on my WAN interface as in a conventional ARC setup
I originally tried to do this so as to use my phone as an endpoint when out and about on 4/5G, but that was a deep deep rabbit hole and I gave up
But thanks to a suggestion by @Wade_Oram I now have ARC running over Wireguard
Wireguard runs on my OPNSense firewall but pfsense and various others will be very similar
I followed this turorial here from the excellent Home Network Guy (I used his walkthrough to originally configure my own router/FW using OPNSense. Outstanding stuff if that’s your thing too )
At about 22:10 HNGuy talks about creating a firewall rule on the WG interface to forward to his internal dashboard server on port 3000. Simply duplicate this rule and point it at your Roon server IP with port 55000 or whatever you fancy using
As part of the above tutorial you will have created a WireGuard Tunnel on your phone using a QR code generated by OPNSense, and when you connect to that from outside your LAN, ARC functions over the established tunnel
On iOS everything goes through your WG tunnel if active, so you do need the additional FW rules HNGuy describes to maintain general internet connectivity for your phone. On Android, so I’m told, you can control VPN use at the app level so you’d presumably not even need these additional rules if you set only ARC to use WireGuard, just those on the WG interface
Works for me, hope it helps someone