How to change cloudflared private ip?
Hello, how to change private ip in cloudflared? It seems that it has been wrong recognized and public IP is used instead of local IP. Private IP is added to Routes on the cloudflare website. I cannot access local IP through a tunnel, using public IP everything works.
16 Replies
As far as I know it's just pulling from your local machine, there's no changing except if you changed it locally. On a VPS or something not behind NAT they're going to be the same. If you are behind NAT, Origin IP would be your Public IP and Private IP would be internal
I noticed that this is not a problem, I cannot start the tunnel with the quic protocol, it works only on tcp
with http2 you mean? Some firewalls or network restrictions can do that
iirc espec some web filtering ones, not made for udp or something, so they just block quic all together
no, with
--protocol quic but it looks like the router <---> cloudflare has a quic connection but it doesn't allow any quic traffic inside the tunnelFirewall does not have any special settings
when you say "only works on tcp", you're saying you need to specifically put --protocol http2 or that it fallback to http2 automatically?
If I set --protocol quic manually then the connection from my device to the cloudflare network works as quic (as it shows in the cli in the tunnel logs) but physically does not allow quic traffic from applications inside the tunnel, If I use tcp instead of quic inside the tunnel in the application then I can connect
Tunnels can proxy udp and icmp if you use Private Networking: https://blog.cloudflare.com/extending-cloudflares-zero-trust-platform-to-support-udp-and-internal-dns/
idk if I understand what exactly he's trying to do though
if he means public hostnames then there isn't even a quic or udp option within them, confusing lol
fwiw I don't believe UDP or ICMP over Private Networking works unless you use QUIC transport protocol
which is a bit confusing
hard to find docs on it, there is a comment here that describes the limitation though: https://github.com/cloudflare/cloudflared/blob/354a5bb8afb16be9fa260c4eb28d4d1778f655bc/supervisor/tunnel.go#L329
GitHub
cloudflared/supervisor/tunnel.go at 354a5bb8afb16be9fa260c4eb28d4d1...
Cloudflare Tunnel client (formerly Argo Tunnel). Contribute to cloudflare/cloudflared development by creating an account on GitHub.
it existed first lol
yea 😦
I could not find a single reference to the http2 protocol limitation anywhere in their docs
not in the blog post announcing udp and icmp proxying, not in private networking, or anywhere else
If I turn off the cloudflared tunnel in router B then from clients connected to the router A can make a QUIC connection (the quic connection also works for clients connected to the B router). If the tunnel on the router A and B is turned on simultaneously then all connected to the router A cannot connect using quic and must use a tcp connection
Everything is done in a private IP
If I use a public IP to router B on clients in the router zone A with a port forwarding to the server then I can connect without any problems using QUIC
Quic connections will also working in the router zone A if the cloudflared tunnel on router B is disabled and if is running directly on the server
no
warp->cloudflared
its enabled
ref
Ref
Ref
ref
ref?
Refresh
It is possible that there is a mistake in this graphic that I did, all clients from zone A connect to the server from warp through the cf server tunnel. The same with zone B, all warp clients connect through the tunnel to the server. Zone A and Zone B have their own separate IPs (local 192.168.x.x) set in the exclude ip in zero trust settings. On routers A and B there are two separate tunnels that allow me to access any device in zone A or B using the local IP assigned by the router (allows to use IPs from the router, not with cloudflare IP range 100.96.x.x). Any client, regardless of the zone, connects to the application on the server using the QUIC protocol. The problem is only in zone A, clients connect to the server using QUIC cannot connect (they can only connect using TCP). None of the clients in zone A are able to establish a connection with the QUIC protocol, even though it works without problems for clients in zone B. If I configure the devices in zone A to use the public server IP without the cloudflare tunnel, I am able to connect via the QUIC protocol from zone A to the server without any problems. I don't know how else to describe it.
@playaz44 cleared.
For anyone seeing the ghost ping here, it was a request clear some messages which I just did.
Thank you for your reactions