Router recommendation for using Roon with Starlink.

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Router recommendation for using Roon with Starlink.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#306030 22-Jun-2023 09:52

I’m straying into a field about which I know very little but I know that there’s plenty here who know much more than I do!

I use Roon to run the music systems in the house. A while ago, Roon introduced functionality called Arc that allows you to use Roon on your mobile devices from anywhere by effectively dialling home and accessing your Roon server.

However.. This requires something called port forwarding. I don’t really know what that is, but I do know that you cannot do it on Starlink due to something called CGNAT.

What you can do, however, is use IPv6 to get round it by putting the Starlink into Bridge Mode and connecting it to a second router that does allow the Arc access using IPv6 address allocated by Starlink. I checked and I do have one.

So my question is…

What would be a good second router to get that’s got an easy to use interface for setting this up?

We also have three Grandstream access points through the house to provide proper Wi-Fi everywhere. I don’t want to upset them.

Thanks!

1 | 2

4012 posts

Uber Geek
+1 received by user: 2710

ID Verified

Trusted

TEAMnetwork

Subscriber

#3093347 22-Jun-2023 10:00

use another connection roon, there is zero chance of s public ip on starlink

Better yet find a product that talks to the cloud so you don’t have to port forward

Any views expressed on these forums are my own and don't necessarily reflect those of my employer.

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#3093363 22-Jun-2023 10:53

Just set up and use Tailscale (https://tailscale.com/) on a device on their network then you can use this without the need to portforward.

@nztim I am pretty sure you can now buy a Static IP via Support but I wouldn't do this and instead for this task use Tailscale.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#3093434 22-Jun-2023 13:44

michaelmurfy:
Just set up and use Tailscale (https://tailscale.com/) on a device on their network then you can use this without the need to portforward.

@nztim I am pretty sure you can now buy a Static IP via Support but I wouldn't do this and instead for this task use Tailscale.

Whose network do you mean? Mine?

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#3093435 22-Jun-2023 13:46

This is from the Support thread on the subject at Roon:

“The router that comes with Starlink isn’t compatible with Roon unless you buy the “LAN adapter” option and use that to connect to a different router. You can find the LAN adapter on the Starlink site, it’s pretty cheap.

Once you get the LAN adapter you can connect to another router using bridge mode. Then you just need to make sure Starlink has assigned you an IPv6 address (they almost certainly have) and then set up Roon ARC to use IPv6 which will solve the CGNAT issues caused by using Starlink with the stock router.”

RunningMan

9184 posts

Uber Geek
+1 received by user: 4834

#3093464 22-Jun-2023 14:39

That's still exposing devices inside your network directly to the internet; easy, but not always safe.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#3094219 23-Jun-2023 19:16

I looked at Tailscale but that’s beyond my competence level to configure. Even the instructions might as well have been in Swahili!

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

Jase2985

13730 posts

Uber Geek
+1 received by user: 6202

ID Verified

Lifetime subscriber

#3094226 23-Jun-2023 19:50

find a step by step video on youtube.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#3094287 24-Jun-2023 09:41

This is what Roon said when I asked about the risk of access from outside:

“No, not at all. The Starlink LAN adapter puts your satellite connection into bridge mode. Once you plug that into another router you are at least as secure as you were with the Starlink router. Btw, the LAN adapter plugs into the Starlink router so you will also need to leave that plugged in but all it does is control the dish then pass off the signal to the LAN adapter. You will then run a CAT6 cable from the adapter to your new router. Btw, this will give you a bridge mode connection which is the same many other ISPs provide.”

I’m no network security engineer so I’ve no real idea as to whether that’s meaningful.

hsvhel

1273 posts

Uber Geek
+1 received by user: 596

ID Verified

#3094290 24-Jun-2023 09:46

They didn’t address the risk of forwarding a device to the internet😂

Referral Link Quic

Free Setup use R502152EQH6OK on check out

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#3094542 24-Jun-2023 20:32

OOI what would someone be able to do to my Roon Nucleus if they did access it?

There’s nothing on it but Roon, it runs different OS to anything else in the house.

Would firewall software on the router not protect against the access?

(Note - these are genuine questions. I have no idea)

hsvhel

1273 posts

Uber Geek
+1 received by user: 596

ID Verified

#3094547 24-Jun-2023 20:56

You are poking a hole in the firewall for the port that Roon uses. So it won't be interested in what may come and go.

As for what can be done for access, should someone get in....depends on the offender really. Might change your playlist and profile to Taylor Swift at all times.....might subscribe you to country music for a lifetime...pandoras box on what options are available depending on access levels??

Referral Link Quic

Free Setup use R502152EQH6OK on check out

Dell

Shop now for Dell laptops and other devices (affiliate link).

michaelmurfy

meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator

ID Verified

Trusted

Lifetime subscriber

#3094552 24-Jun-2023 21:02

@hsvhel you make it sound like Taylor Swift is a bad thing? She’s amazing.

But in all seriousness the advice they’re giving you isn’t the best. Punching holes through your firewall or putting the Starlink router into bridge mode is not a great idea at all.

Tailscale is super simple to setup. As others suggested look up some YouTube videos on it.

RunningMan

9184 posts

Uber Geek
+1 received by user: 4834

#3094556 24-Jun-2023 21:09

Geektastic: OOI what would someone be able to do to my Roon Nucleus if they did access it?

At one end of the scale, muck with your settings, playlists or similar. At the other, if there are any security vulnerabilities with it, then use it as a host for something nefarious like part of a bot net or route other traffic through your connection etc. It really depends how secure the device is as to what could happen to it. It's quite common with cheap IP cameras that have really poor software for that sort of thing to occur.

Geektastic:Would firewall software on the router not protect against the access?

No. Opening a port to an internal device is like drilling a hole through a physical firewall, then sticking the object you want protected up against the hole and wondering why it gets burnt. Port forwarding is deliberatly opening a direct route through the firewall to the device you choose (the Roon in this case), so traffic from the internet can directly access that device, bypassing the firewall. That device is then reliant on it's own protections and being totally free of any bugs or other vulnerabilities for protection.

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#3094635 25-Jun-2023 11:08

hsvhel:
You are poking a hole in the firewall for the port that Roon uses. So it won't be interested in what may come and go.

As for what can be done for access, should someone get in....depends on the offender really. Might change your playlist and profile to Taylor Swift at all times.....might subscribe you to country music for a lifetime...pandoras box on what options are available depending on access levels??

Taylor Swift?! Nooooo! That alone is sufficient reason not to do it!!

Geektastic

18009 posts

Uber Geek
+1 received by user: 8465

Trusted

Lifetime subscriber

#3094636 25-Jun-2023 11:12

So on our network we have one MBP and one iMac. Plus the Roon Nucleus but I can’t access that at all, it’s entirely run by the Roon application itself.

Obviously neither of the Apple devices is awake at all times.

On what would I install and run Tailscale in that scenario?

1 | 2