over exixting VPN : Client config ?

[claib]

Thank you for the wonderful help before!
I have the following setup:
Central server behind a Ubiquiti firewall.
The Roon server ( virtualized ) is running on it

Remote locations also behind Ubiquiti firewalls.

The sites are connected to each other with VPN. ( site to Site )
I can access the Roon server with the app without any problems.

• Unfortunately, no players located in other subnets are found.
  I think the client you suggested would be ideal for this. If I have understood this correctly, the app in the local LAN will then find both the server and the local players.
  How to ??

[drsound]

Roon relies on network protocols that operate at Layer 2 (like broadcast and multicast traffic) to find Roon Cores, Remotes, and Players on the local network. Your current site-to-site VPNs established via your Ubiquiti firewalls are likely operating at Layer 3. While Layer 3 VPNs successfully route standard IP traffic between different subnets, they typically do not pass the broadcast and multicast traffic essential for Roon's discovery mechanism. This is why your Roon app can connect directly to the server by its IP address (Layer 3), but discovery of players on other subnets fails.

To make the players visible to the Roon Core (and vice versa), all the sites need to logically appear as if they are on the same subnet. This means that the IP addresses used on the LANs at your central site and all remote sites should share the same IP range (e.g., all sites using IPs within 192.168.0.0/24, ensuring no IP address conflicts between devices at different sites).

To achieve this Layer 2 connectivity across your sites, you will need to set up a Layer 2 (TAP) VPN. You should not use your existing Ubiquiti Layer 3 VPNs for this specific Roon connectivity.

• Central Site (with Roon Core): This site should run an OpenVPN TAP server.
• Remote Sites (with Players): Each remote site should run an OpenVPN TAP client. These clients will connect back to the OpenVPN server at your central site.
• The OpenVPN client at each remote site must be configured to bridge the VPN interface (the tap0 interface mentioned in the guide) with its local LAN interface. This makes the central subnet accessible at Layer 2 to devices on the remote LAN.

This Layer 2 OpenVPN setup, with bridging at the remote sites, creates a large virtual Layer 2 network segment spanning your central site and all remote sites. Roon's discovery traffic can then traverse this virtual segment, allowing your Core to find players and your apps to find both the Core and local players.

Again, you should not rely on your existing Ubiquiti site-to-site VPNs for this specific Roon discovery function, as they are almost certainly Layer 3 and will block the necessary broadcast/multicast traffic. You need to implement a separate Layer 2 VPN using OpenVPN (or a similar technology that supports TAP mode and bridging).

The "client" discussed in the guide is the OpenVPN endpoint configured to connect to the server and perform this bridging, which is exactly the function you would need at each of your remote sites.