CD
Cloudflare Developers16mo ago
klownie_

Zero-Trust TCP not working for Moonlight

I have a moonlight and sunshine system to remote access my computer and play video games. I cant port forward my ip because my ISP does not allow me to configure ipv4(i dont have a public ipv4). I decided to use cloudflare and bought myself a domain. The https tunnels work but not the TCP ones. When i try to connect to the TCP tunnel i get a timeout issue using moonlight: 
00:01:20 - Qt Info: Processing new PC at "moonlight.klownie.me:47989" from user with IPv6 address "<NULL>"
00:01:20 - Qt Info: Executing request: "http://moonlight.klownie.me:47989/serverinfo?uniqueid=0123456789ABCDEF&uuid=5ce484badd814eb6a1d5698e3c515b2a"
00:01:25 - Qt Warning: Aborting timed out request for "http://moonlight.klownie.me:47989/serverinfo?uniqueid=0123456789ABCDEF&uuid=5ce484badd814eb6a1d5698e3c515b2a"
00:01:25 - Qt Warning: "serverinfo" request failed with error: QNetworkReply::OperationCanceledError
00:01:20 - Qt Info: Processing new PC at "moonlight.klownie.me:47989" from user with IPv6 address "<NULL>"
00:01:20 - Qt Info: Executing request: "http://moonlight.klownie.me:47989/serverinfo?uniqueid=0123456789ABCDEF&uuid=5ce484badd814eb6a1d5698e3c515b2a"
00:01:25 - Qt Warning: Aborting timed out request for "http://moonlight.klownie.me:47989/serverinfo?uniqueid=0123456789ABCDEF&uuid=5ce484badd814eb6a1d5698e3c515b2a"
00:01:25 - Qt Warning: "serverinfo" request failed with error: QNetworkReply::OperationCanceledError
I dont get this issue when using a ngrok link. Here is my TCP configuration :
No description
21 Replies
klownie_
klownie_OP16mo ago
also here's my cloudflared logs :
Sep 17 12:24:13 pop-os cloudflared[22402]: 2023-09-17T10:24:13Z DBG QUIC TLS event curve=p256 handshake=true handshake_duration="853.553µs"
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z INF Registered tunnel connection connIndex=1 connection=a653ffba-2310-403e-aeb9-b579ec00af46 event=0 ip=198.41.200.23 location=bru01 protocol=quic
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z INF Warp-routing is enabled
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"moonlight.klownie.me\", \"originRequest\":{\"disableChunkedEncoding\":false, \"noHappyEyeballs\":true, \"noTLSVerify\":true}, \"service\":\"tcp://localhost:47989\"}, {\"hostname\":\"sunshine.klownie.me\", \"originRequest\":{\"noTLSVerify\":true}, \"service\":\"https://localhost:47990\"}, {\"service\":\"http_status:404\"}], \"warp-routing\":{\"enabled\":true}}" version=22
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z DBG edge discovery: giving new address to connection connIndex=2 event=0 ip=198.41.200.63
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z DBG QUIC TLS event curve=p256 handshake=true handshake_duration=1.671486ms
Sep 17 12:24:15 pop-os cloudflared[22402]: 2023-09-17T10:24:15Z INF Registered tunnel connection connIndex=2 connection=0db77276-445a-4bbd-aa49-b0ccfc4fd153 event=0 ip=198.41.200.63 location=bru01 protocol=quic
Sep 17 12:24:15 pop-os cloudflared[22402]: 2023-09-17T10:24:15Z DBG edge discovery: giving new address to connection connIndex=3 event=0 ip=198.41.192.167
Sep 17 12:24:15 pop-os cloudflared[22402]: 2023-09-17T10:24:15Z DBG QUIC TLS event curve=p256 handshake=true handshake_duration=2.123999ms
Sep 17 12:24:16 pop-os cloudflared[22402]: 2023-09-17T10:24:16Z INF Registered tunnel connection connIndex=3 connection=92cf9915-69a0-4639-b048-aab8c3e8be3e event=0 ip=198.41.192.167 location=cdg11 protocol=quic
Sep 17 12:24:13 pop-os cloudflared[22402]: 2023-09-17T10:24:13Z DBG QUIC TLS event curve=p256 handshake=true handshake_duration="853.553µs"
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z INF Registered tunnel connection connIndex=1 connection=a653ffba-2310-403e-aeb9-b579ec00af46 event=0 ip=198.41.200.23 location=bru01 protocol=quic
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z INF Warp-routing is enabled
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z INF Updated to new configuration config="{\"ingress\":[{\"hostname\":\"moonlight.klownie.me\", \"originRequest\":{\"disableChunkedEncoding\":false, \"noHappyEyeballs\":true, \"noTLSVerify\":true}, \"service\":\"tcp://localhost:47989\"}, {\"hostname\":\"sunshine.klownie.me\", \"originRequest\":{\"noTLSVerify\":true}, \"service\":\"https://localhost:47990\"}, {\"service\":\"http_status:404\"}], \"warp-routing\":{\"enabled\":true}}" version=22
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z DBG edge discovery: giving new address to connection connIndex=2 event=0 ip=198.41.200.63
Sep 17 12:24:14 pop-os cloudflared[22402]: 2023-09-17T10:24:14Z DBG QUIC TLS event curve=p256 handshake=true handshake_duration=1.671486ms
Sep 17 12:24:15 pop-os cloudflared[22402]: 2023-09-17T10:24:15Z INF Registered tunnel connection connIndex=2 connection=0db77276-445a-4bbd-aa49-b0ccfc4fd153 event=0 ip=198.41.200.63 location=bru01 protocol=quic
Sep 17 12:24:15 pop-os cloudflared[22402]: 2023-09-17T10:24:15Z DBG edge discovery: giving new address to connection connIndex=3 event=0 ip=198.41.192.167
Sep 17 12:24:15 pop-os cloudflared[22402]: 2023-09-17T10:24:15Z DBG QUIC TLS event curve=p256 handshake=true handshake_duration=2.123999ms
Sep 17 12:24:16 pop-os cloudflared[22402]: 2023-09-17T10:24:16Z INF Registered tunnel connection connIndex=3 connection=92cf9915-69a0-4639-b048-aab8c3e8be3e event=0 ip=198.41.192.167 location=cdg11 protocol=quic
Cyb3r-Jak3
Cyb3r-Jak316mo ago
?tunnel-tcp
Flare
Flare16mo ago
Cloudflare Tunnels use Cloudflare's proxy, which only supports proxying HTTP Traffic. If you want to use non-http applications over your tunnel, Cloudflare has a few other options: For a few specific protocols such as SSH, RDP, and SMB, Cloudflare has guides for them here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/ For Arbitrary TCP like Minecraft, MySQL, and any other tcp application, Cloudflare has a guide here: https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/ For Arbitrary UDP like Minecraft Bedrock, SMTP, and any other udp application, you will need to use Private Networking with WARP: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/ Please note for all of these except SSH and VNC which can be browser-rendered, you will either need to use cloudflared (Cloudflare's tunnel daemon) on the client machine running in the background or Private Networking with WARP, and have WARP installed on the client machine logged into your Zero Trust Team.
klownie_
klownie_OP16mo ago
isnt this same as doing it on the dashborad ?
Cyb3r-Jak3
Cyb3r-Jak316mo ago
The key part is needing to have cloudflared running on your local machine
klownie_
klownie_OP16mo ago
i do have it running cloudflared.service is running in the background it works for https
Cyb3r-Jak3
Cyb3r-Jak316mo ago
On the server or the client machine you are trying to access from?
klownie_
klownie_OP16mo ago
client machine and cloudflared running on host
Cyb3r-Jak3
Cyb3r-Jak316mo ago
How are you connecting from the client machine?
klownie_
klownie_OP16mo ago
by entering moonlight.klownie.me as the ip isnt the whole point being able to access the ressouce via a website link
Cyb3r-Jak3
Cyb3r-Jak316mo ago
On the client you are running cloudflared tunnel --hostname moonlight.klownie.me --url tcp://localhost:7870 then the application points to localhost:7870? Only for HTTP/S tunnels
klownie_
klownie_OP16mo ago
ah then whats the point of configuring the tcp on the dashboard if you cant use it ?
Cyb3r-Jak3
Cyb3r-Jak316mo ago
You can use it. It is just different ways to access TCP and UDP
klownie_
klownie_OP16mo ago
so just entering moonlight,klownie.me does not allow me to acces the tcp throught the internet i cant make a request like this then ? http://moonlight.klownie.me:47989/serverinfo?uniqueid=0123456789ABCDEF&uuid=3980cd91395e4600b4e9d2bab92ca862
Cyb3r-Jak3
Cyb3r-Jak316mo ago
Correct
klownie_
klownie_OP16mo ago
but why ngrok can do it this prevents me from just sharing links to be able to access the cloudflare ressources forcing the client to have cloudflare
Cyb3r-Jak3
Cyb3r-Jak316mo ago
That is the way tunnels are designed
klownie_
klownie_OP16mo ago
then how does ngrok do it ?
Cyb3r-Jak3
Cyb3r-Jak316mo ago
Not sure but their system is designed to be open vs tunnels which are not
klownie_
klownie_OP16mo ago
ok ill make it solved then actually i dont know how to do that can you do it
Cyb3r-Jak3
Cyb3r-Jak316mo ago
Done

Did you find this page helpful?