Roon 2.0

And they are absolutely correct. Application level security measures (antivirus, MFA, certificates, host based firewalls, software updates, etc.) are not meant to mitigate poor network perimeter security practices, they are simply security measures at a different level. Allowing traffic sourced from the Internet to punch through to your internal network, without proper segmentation and filtering, has been a bad idea for a long time, and it still is. That’s why virtually no one does it, except roon now of course…

Yep…ie. at the last update…a so called improvement I had big issues…the Roon team were adement that the sound quality should not have been effected. I had to adjust the headroom…and dsp what a pain…don’t get me wrong the Roon team were helpfull…

I attempted to sort my mates BT hub for port forwarding, it simply would not save, clicking save had no effect. Tried it in a number of browsers. Looking around the internet this is an incredibly common issue with BT, with the only potential solution being a hard reset, although in many cases still not working.

OK hardware, crap software.

You can’t use ARC out of the house as you don’t have an open port for it. Roon looks like can’t use UPnP to do opne so it will rely on you manually doing this. Their is a troubleshooting doc from the app for this as it’s your router doing its job. Arc will work on your localWi-Fi without the port open as it’s using your internal network not accessing from outside your network.

You need to read up on how it works you obviously skipped up the setup documentation and guide.

Although you could try rebooting, I doubt it would help. The key thing is the router firewall to set the port mapping (the current Roon Core should do automatically, but seems to be a bit hit and miss with different firewalls)… Roon Core will tell you when it’s working ok… What do you have?
If you have a BT Smart Hub2 its very straightforward to do they have made it quite easy and I think relatively intuitive and you can even use device/host name so it will use dynamic DHCP. If you have older devices or other routers it can be more of a faff.

The BT SmartHub2 screen… select your Core device on your connect devices tab… and at the bottom of the screen you will see the option to setup portforwarding, or the current forwarding active rules for that device. Click settings/create new port forwarding rule… and you should see something similar to the below image… it likely will contain no rules, so press ‘create a new port forwarding rule’ and enter the fields like below for your device (you might need to enter your device name - in my case ‘Simons-iMac’ - manually)… the orange background in the top right shows your new configuration is not yet saved… once done save it. If there is a problem, your port address might be being used by another application, just change it slightly say 55001. The key thing is make it consistent. Note it down. The port you have here must match port you set in the Core ARC setup. (Ports are like internal machine network addresses)

image2048×1536 244 KB

Edit… to see the portforwarding options and be able to edit/setup… you need to login as admin or ‘advanced mode’ otherwise you won’t be able to see the details or edit.

Thanks Simon, I’m just questioning whether I really need to run a VPN given that I now apparently need to disable it every time I want to use Qobuz or Roon. I started using one because it helped when I was using a shared network when working away from home, but I no longer do that so I might just ditch it altogether.

Hi @robert_h , similar situation here where my son starts becoming a big music fan himself and uses his MusoQb to,listen. I made him his own profile in Roon
Iver

I agree get rid of it. Many corporate and advanced home setups setups use more advanced routing on the the PC / end device, so the VPN is only used for certain addresses ranges, and everything else default routes directly out to the internet…. But yes if everything is being sent via a VPN regardless of destination address then that is typically going to be too limiting.

Hi we simply set different Roon profiles… you can even save a mug shot for each family member profile that appears in Roon Remote or Roon ARC… Mrs SinS doesn’t bother, but my son who lives at home us and myself have our own profiles.

Seems I’m lucky I can’t upgrade to Roon 2.0
My MacMini is too old to get beyond macOS 10.13.6 - Roon2.0 needs 10.15.
The release caused me no end of problems though. All the iPhones in the house with Roon Remote installed upgraded to Roon 2.0 overnight along with the version on my MacBook meaning no music!
Took me a while to find the Roon 1.8 legacy version hidden away on Roons website.
Not very well thought out I would say.
But better than all the issues everyone is having with security etc.
My concern is how long Roon 1.8 Legacy will be supported.
The MacMini I have works brilliantly - its only job is to host Roon & it does that very well. I don’t fancy having to upgrade to a new one just to get Roon 2.0 - would probably prefer to upgrade the NDX so I can get native Qobuz.

In fairness to Roon this is your setting to update apps automatically. I have this set to manually update to prevent this very scenario with Roon and other apps.

Glad you got sorted.

.sjb

I’ve never before come across an automated updater so thick that it would load an incompatible version on the device that runs it. To me that’s just incompetence.

Totally agree. I have disabled the auto-update function for both Roon and apps on my iPhone and iPad to avoid accidental updates. Looking at the support threads on the Roon forum, a lot of issues would be avoided by this approach.

I have to agree their roll out structure really needs a rethink as does some of their communication upfront.

The app is fully compatible with the iPhone its running on and it’s an iOS setting to automatically update so I don’t know where you’re coming from with your incompetence remark.

The issue is that older Mac and windows versions are no longer supported but there is a legacy version for those situations.

.sjb

Thanks Simon, I’m in NZ and use the IP’s HG659b. There are some port forwarding options there, but it’s quite different than what you posted, it doesn’t show port numbers etc. I think that as Roon is on my business computer, I’m not keen to open up any security risks that compromise the firewall, so I’ll just stick with files from iTunes on my iPhone and use the Quboz app for new downloads and on-line streaming outside my house.

if it is your work computer then yes best keep things separated from home software such as Roon (with ARC or without) for various reasons. However don’t be misled, you are not compromising a firewall - you are actually setting up a firewall rule manually - this is how many types of firewalls are designed to operate. Mostly this happens automatically with consumer firewalls using UPnP and other protocols so you don’t know it’s happening - its just Roon is not talking to your firewall correctly for what ever reason (I had the same) so you need to set the firewall rule manually.

In fact from a home network safety perspective there is a view that it is best to manually set firewall rules (as per my above post) rather than rely on automatic protocols such as UPnP (the thinking is if someone attaches a malicious device or loads a malicious programme within your home network - it can’t open up your firewall automatically).
The whole approach with such firewalls is that you want to limit inbound flows to those that you are expecting and are prepared to manage - such as Roon Core ARC. All other inbound flows are dropped,

The compromise solution would be to set your home network as a DMZ (which mostly removes the firewall) and point all in bound flows to your Roon Core - this is the bad approach that I think some people are getting confused with as you would forward all inbound traffic to the Roon Core whether you were expecting it or not and would rely on the OS firewall and applications to manage the unsolicited flows - and even Roon themselves strongly advise against anyone doing this as a shortcut. The correct approach is as we have described above and is to use a firewall rule on your router firewall… for a specific protocol, port and IP address. Commercial firewalls may contain many hundreds of such rules.

Edit - this seems to be the steps for setting up protocols forwarding on your ISP’s router - it looks straightforward enough although perhaps not the most user friendly
Huawei HG659b Spark Port Forwarding. The only thing I note is this firewall probably requires your Roon Core to be a fixed IP address - rather than be dynamic

Not overly worried about security issues - mind you I work in an organisation that sees passwords written on post it notes…
I had to do the port thing: Port Forwarding Instructions for (Most) Fritz!Box Users - Port Forwarding Resources - Roon Labs Community
ARC works really well for me. Oddly Qobuz used to cut out on me fairly frequently and now does not seem to. I think this is coincidence/not a full enough test. But if anyone knows better I am happy to be educated.

Thanks so much for the clear instructions as always Simon, I had the ARC not functioning error message also, however ARC is now working OK.
I would have got there in the end Im sure, but as a fellow BT Smart Hub 2 user this just helped to walk me through the steps.
cheers!

Well Arc worked in the car, although I did not trust it to stream as my data allowance is very small. But downloaded albums sounded great - but why shouldn’t they?