How to change cloudflared private ip?

Hello, how to change private ip in cloudflared? It seems that it has been wrongly recognized and the public IP is used instead of the local IP. The private IP is added to Routes on the Cloudflare website. I cannot access the local IP through a tunnel; using the public IP everything works.
16 Replies
Chaika•7mo ago
As far as I know it's just pulling from your local machine, there's no changing except if you changed it locally. On a VPS or something not behind NAT they're going to be the same. If you are behind NAT, Origin IP would be your Public IP and Private IP would be internal
playaz44OP•7mo ago
I noticed that this is not a problem, I cannot start the tunnel with the quic protocol, it works only on tcp
Chaika•7mo ago
with http2 you mean? Some firewalls or network restrictions can do that iirc, especially some web filtering ones, not made for udp or something, so they just block quic altogether
playaz44OP•7mo ago
no, with --protocol quic but it looks like the router <---> cloudflare has a quic connection but it doesn't allow any quic traffic inside the tunnel
playaz44OP•7mo ago
Firewall does not have any special settings
Chaika•7mo ago
when you say "only works on tcp", you're saying you need to specifically put --protocol http2 or that it falls back to http2 automatically?
playaz44OP•7mo ago
If I set --protocol quic manually then the connection from my device to the cloudflare network works as quic (as it shows in the cli in the tunnel logs) but it physically does not allow quic traffic from applications inside the tunnel. If I use tcp instead of quic inside the tunnel in the application then I can connect
Chaika•7mo ago
Tunnels can proxy udp and icmp if you use Private Networking: https://blog.cloudflare.com/extending-cloudflares-zero-trust-platform-to-support-udp-and-internal-dns/
idk if I understand what exactly he's trying to do though, if he means public hostnames then there isn't even a quic or udp option within them, confusing lol
fwiw I don't believe UDP or ICMP over Private Networking works unless you use QUIC transport protocol, which is a bit confusing
Chaika•7mo ago
hard to find docs on it, there is a comment here that describes the limitation though: https://github.com/cloudflare/cloudflared/blob/354a5bb8afb16be9fa260c4eb28d4d1778f655bc/supervisor/tunnel.go#L329
Chaika•7mo ago
it existed first lol
yea 😦 I could not find a single reference to the http2 protocol limitation anywhere in their docs, not in the blog post announcing udp and icmp proxying, not in private networking, or anywhere else
playaz44OP•7mo ago
If I turn off the cloudflared tunnel in router B then clients connected to router A can make a QUIC connection (the quic connection also works for clients connected to the B router). If the tunnels on router A and B are turned on simultaneously then all clients connected to router A cannot connect using quic and must use a tcp connection
playaz44OP•7mo ago
Everything is done in a private IP
If I use a public IP to router B on clients in the router zone A with a port forwarding to the server then I can connect without any problems using QUIC
Quic connections will also work in the router zone A if the cloudflared tunnel on router B is disabled and if is running directly on the server no warp->cloudflared it's enabled
ref
Ref
Ref
ref
Erisa•7mo ago
ref?
playaz44OP•7mo ago
Refresh
It is possible that there is a mistake in this graphic that I did. All clients from zone A connect to the server from warp through the cf server tunnel. The same with zone B, all warp clients connect through the tunnel to the server. Zone A and Zone B have their own separate IPs (local 192.168.x.x) set in the exclude ip in zero trust settings. On routers A and B there are two separate tunnels that allow me to access any device in zone A or B using the local IP assigned by the router (allows to use IPs from the router, not with cloudflare IP range 100.96.x.x). Any client, regardless of the zone, connects to the application on the server using the QUIC protocol.
The problem is only in zone A: clients connecting to the server using QUIC cannot connect (they can only connect using TCP). None of the clients in zone A are able to establish a connection with the QUIC protocol, even though it works without problems for clients in zone B. If I configure the devices in zone A to use the public server IP without the cloudflare tunnel, I am able to connect via the QUIC protocol from zone A to the server without any problems. I don't know how else to describe it.
Isaac McFadyen•7mo ago
@playaz44 cleared. For anyone seeing the ghost ping here, it was a request to clear some messages, which I just did.
playaz44OP•7mo ago
Thank you for your reactions