Roon Integration - Firewall Rules

Hi,

I am running Home Assistant as a Docker container and just moved to a new platform (VMware Photon OS).
Photon OS by default has some pretty strict firewall configuration which currently prevents the Roon integration from working.

I see the following error in my logs:

2024-04-01 14:10:07.316 ERROR (MainThread) [homeassistant.config_entries] Error setting up entry Roon Labs Music Player for roon
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 504, in async_setup
    result = await component.async_setup_entry(hass, self)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/roon/__init__.py", line 22, in async_setup_entry
    if not await roonserver.async_setup():
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/roon/server.py", line 57, in async_setup
    self.roonapi = await self.hass.async_add_executor_job(get_roon_api)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/roon/server.py", line 53, in get_roon_api
    return RoonApi(ROON_APPINFO, token, host, port, blocking_init=True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/roonapi/roonapi.py", line 798, in __init__
    raise RoonApiException("Host and port of the roon core must be specified!")
roonapi.roonapi.RoonApiException: Host and port of the roon core must be specified!

So it looks like the integration cannot find the server.
I could try to remove the integration and re-add it - looking at the documentation, it seems as if I would be able to enter the RoonServer IP address manually in that case.
However, I don’t want to lose all my already configured Roon endpoint entities (I guess that’s a side effect of removing the integration) just to find out that this is not working either.

So long story short: does anyone know which ports I need to open in my firewall configuration to make this work?

Thanks in advance!

Sebastian

I think the Roon integration connects to the Roon server using TCP port 9330.

On my Roon server, the only connections to my Home Assistant server are TCP port 9330 and TCP 445 (for the music share on my Roon server).

I just noticed that I could manually add the (or a) server with the “Integration entries” - “Add entry” button in the integration setup GUI.
This seems to work with regards to connecting to the server - I haven’t tested yet what happens to my previously configured endpoints (everything is turned off at the moment).

I think the issue is with service discovery, i.e. the integration cannot find the server on the local network.
In that case other integrations might be affected too, I haven’t noticed anything else yet, though.

From what I found researching this issue, I figured that I need to allow mDNS and UPnP packets on my host, so I added two rules:

- src: 0.0.0.0/0, dst: 224.0.0.251 port 5353, UDP
- src: 0.0.0.0/0, dst: 239.255.255.250 port 1900, UDP

However, that did not do the trick.

When I set the default policy for incoming packets on the host firewall to ACCEPT, everything works, but that’s effectively disabling the firewall.

Sebastian

Found it:
I needed an additional rule

src: <Roon Server IP> port 9003, dst: <Docker Host IP>, UDP

Now discovery of the Roon Server works as expected.

Sebastian

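An added example (not part of the thread and not code from the Roon integration): a minimal allow-list evaluator for the rules quoted above, showing why the two multicast rules alone leave a unicast UDP packet from the Roon server's port 9003 dropped under a default-drop policy. The addresses, the destination port 40000 and the `Rule`/`verdict` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addresses (documentation range), not values from the thread.
ROON_SERVER = "192.0.2.10"
DOCKER_HOST = "192.0.2.20"

@dataclass(frozen=True)
class Rule:
    src: str                      # source network in CIDR form
    dst: str                      # destination network in CIDR form
    sport: Optional[int] = None   # None matches any source port
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, pkt):
        src, sport, dst, dport = pkt
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, sport)
                and self.dport in (None, dport))

def verdict(rules, pkt):
    """ACCEPT if any allow rule matches; otherwise the default policy drops."""
    return "ACCEPT" if any(r.matches(pkt) for r in rules) else "DROP"

# The two UDP rules tried first in the thread (mDNS and SSDP multicast groups).
MULTICAST_RULES = [
    Rule("0.0.0.0/0", "224.0.0.251/32", dport=5353),
    Rule("0.0.0.0/0", "239.255.255.250/32", dport=1900),
]
# The rule that fixed discovery: UDP from the Roon server, source port 9003.
FIXED_RULES = MULTICAST_RULES + [
    Rule(f"{ROON_SERVER}/32", f"{DOCKER_HOST}/32", sport=9003),
]

# Constructed packets as (src, sport, dst, dport).
DISCOVERY_REPLY = (ROON_SERVER, 9003, DOCKER_HOST, 40000)  # dport: assumed ephemeral port
MDNS_QUERY = ("192.0.2.30", 5353, "224.0.0.251", 5353)
OTHER_HOST = ("192.0.2.99", 9003, DOCKER_HOST, 40000)      # same port, different source IP

if __name__ == "__main__":
    for name, pkt in [("reply", DISCOVERY_REPLY), ("mdns", MDNS_QUERY),
                      ("other", OTHER_HOST)]:
        print(name, verdict(MULTICAST_RULES, pkt), "->", verdict(FIXED_RULES, pkt))
```

The added rule matches on source address and source port only, so it admits UDP from that address and port to any destination port on the host; pinning the source IP is what keeps it narrow.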