Roon ARC access to K30

Hi guys.
Trying to work out how to use Roon ARC given my network situation.
I have a modem/ethernet router with two routers connected to it on separate ports, forming two separate networks with different IP ranges.
One of these routers is used for non private stuff and the other for private.
I want to put my K30 on the non private network so it can be accessed remotely without jeopardising the security on the private network. I use Roon server, Squeeze player.
The common way is to use uPnP or port forwarding, but my understanding is that neither are secure and would jeopardise the private network security.
Roon however notes the use of Tailscale (How Tailscale works) as a secure means to achieve this outcome.
I have not found an ISpP that will provide two NBN connections without charging for 2 separate services.
So my questions are:

  1. Can Tailscale be supported on the K30 and if so how can I do this?
  2. Is there a more suitable way to achieve what I want in gaining remote access?

Thanks for any help or ideas.

Tailscale would have to be installed on your K30 according to the following. I can’t imagine that Antipodes would have that on their roadmap.

The best approach might be to limit what the K30 is able to reach on your home network were it to be taken over by a malicious actor.

Thanks Kenny. I was hoping that there would be others with similar requirement to access their servers remotely, meaning Antipodes may look at this need or that it would be an easy job to use Tailscale.

I’ve had no problem doing that by just creating a forwarding rule. I enable it when I need it and disable it when I don’t. I kinda figured that Roon would keep the open port from being exploited as long as ARC is enabled and Roon is running.

I am definitely no expert on networking, but advice I have received is to avoid port forwarding cause it exposes the whole network to the net, which I am not prepared to do.
@MarkCole might like to give us some thoughts?

It only exposes a port on a specified destination. In other words if one’s server has an IP address at, it is only a single port at that destination that is exposed. Since Roon is using that port, an attacker could only exploit it if Roon had a vulnerability. Risk is low that an attacker would have success, but it is not zero. Tailscale would reduce risk but add complexity. It would break myantipodes as well.

1 Like

We won’t be adding Tailscale anytime soon.
As mentioned above anything exposed to the internet isn’t safe, rather a matter of mitigated risk management.
You are relying on Roon, the risk is low, but not nonexistent.
Keep Roon upto date, choose a high number port, follow the Roon instructions.


Thanks for the advices guys, much appreciated.
Ill have a bit more of a think about risk/reward.

1 Like