How to change cloudflared private ip?

Hello, how to change private ip in cloudflared? It seems that it has been wrong recognized and public IP is used instead of local IP. Private IP is added to Routes on the cloudflare website. I cannot access local IP through a tunnel, using public IP everything works.

Pplayaz44 Hello, how to change private ip in cloudflared? It seems that it has been wrong ...

Chaika•6/8/24, 7:02 PM

As far as I know it's just pulling from your local machine, there's no changing except if you changed it locally. On a VPS or something not behind NAT they're going to be the same. If you are behind NAT, Origin IP would be your Public IP and Private IP would be internal

CChaika As far as I know it's just pulling from your local machine, there's no changing ...

playaz44OP•6/9/24, 5:28 PM

I noticed that this is not a problem, I cannot start the tunnel with the quic protocol, it works only on tcp

Pplayaz44 I noticed that this is not a problem, I cannot start the tunnel with the quic pr...

Chaika•6/9/24, 6:10 PM

with http2 you mean? Some firewalls or network restrictions can do that

Chaika•6/9/24, 6:10 PM

iirc espec some web filtering ones, not made for udp or something, so they just block quic all together

CChaika with http2 you mean? Some firewalls or network restrictions can do that

playaz44OP•6/9/24, 6:31 PM

no, with but it looks like the router <---> cloudflare has a quic connection but it doesn't allow any quic traffic inside the tunnel

playaz44OP•6/9/24, 6:39 PM

Firewall does not have any special settings

Pplayaz44 no, with `--protocol quic` but it looks like the router <---> cloudflare has a q...

Chaika•6/9/24, 7:30 PM

when you say "only works on tcp", you're saying you need to specifically put --protocol http2 or that it fallback to http2 automatically?

playaz44OP•6/9/24, 10:48 PM

If I set --protocol quic manually then the connection from my device to the cloudflare network works as quic (as it shows in the cli in the tunnel logs) but physically does not allow quic traffic from applications inside the tunnel, If I use tcp instead of quic inside the tunnel in the application then I can connect

Original message was deleted

Chaika•6/9/24, 11:00 PM

Tunnels can proxy udp and icmp if you use Private Networking: https://blog.cloudflare.com/extending-cloudflares-zero-trust-platform-to-support-udp-and-internal-dns/
idk if I understand what exactly he's trying to do though

Chaika•6/9/24, 11:02 PM

if he means public hostnames then there isn't even a quic or udp option within them, confusing lol

Original message was deleted

Chaika•6/9/24, 11:08 PM

fwiw I don't believe UDP or ICMP over Private Networking works unless you use QUIC transport protocol

Chaika•6/9/24, 11:09 PM

which is a bit confusing

Chaika•6/9/24, 11:09 PM

hard to find docs on it, there is a comment here that describes the limitation though: https://github.com/cloudflare/cloudflared/blob/354a5bb8afb16be9fa260c4eb28d4d1778f655bc/supervisor/tunnel.go#L329

GitHub

cloudflared/supervisor/tunnel.go at 354a5bb8afb16be9fa260c4eb28d4d1...

Cloudflare Tunnel client (formerly Argo Tunnel). Contribute to cloudflare/cloudflared development by creating an account on GitHub.

Original message was deleted

Chaika•6/9/24, 11:26 PM

it existed first lol

Original message was deleted

Chaika•6/9/24, 11:27 PM

yea

Chaika•6/9/24, 11:27 PM

I could not find a single reference to the http2 protocol limitation anywhere in their docs

Chaika•6/9/24, 11:28 PM

not in the blog post announcing udp and icmp proxying, not in private networking, or anywhere else

playaz44OP•6/10/24, 11:36 AM

If I turn off the cloudflared tunnel in router B then from clients connected to the router A can make a QUIC connection (the quic connection also works for clients connected to the B router). If the tunnel on the router A and B is turned on simultaneously then all connected to the router A cannot connect using quic and must use a tcp connection

playaz44OP•6/10/24, 11:38 AM

Everything is done in a private IP

playaz44OP•6/10/24, 11:43 AM

If I use a public IP to router B on clients in the router zone A with a port forwarding to the server then I can connect without any problems using QUIC

playaz44OP•6/10/24, 11:46 AM

Quic connections will also working in the router zone A if the cloudflared tunnel on router B is disabled and if is running directly on the server

Original message was deleted

playaz44OP•6/11/24, 9:18 AM

warp->cloudflared

Original message was deleted

playaz44OP•6/11/24, 9:19 AM

its enabled

playaz44OP•6/14/24, 1:04 AM

ref

playaz44OP•6/15/24, 4:24 AM

Ref

playaz44OP•6/16/24, 1:49 PM

Ref

playaz44OP•6/17/24, 10:33 PM

ref

Erisa•6/17/24, 10:48 PM

ref?

EErisa ref?

playaz44OP•6/17/24, 11:40 PM

Refresh

playaz44OP•6/18/24, 12:13 AM

It is possible that there is a mistake in this graphic that I did, all clients from zone A connect to the server from warp through the cf server tunnel. The same with zone B, all warp clients connect through the tunnel to the server. Zone A and Zone B have their own separate IPs (local 192.168.x.x) set in the exclude ip in zero trust settings. On routers A and B there are two separate tunnels that allow me to access any device in zone A or B using the local IP assigned by the router (allows to use IPs from the router, not with cloudflare IP range 100.96.x.x). Any client, regardless of the zone, connects to the application on the server using the QUIC protocol. The problem is only in zone A, clients connect to the server using QUIC cannot connect (they can only connect using TCP). None of the clients in zone A are able to establish a connection with the QUIC protocol, even though it works without problems for clients in zone B. If I configure the devices in zone A to use the public server IP without the cloudflare tunnel, I am able to connect via the QUIC protocol from zone A to the server without any problems. I don't know how else to describe it.

Isaac McFadyen•6/20/24, 3:17 PM

@playaz44 cleared.

Isaac McFadyen•6/20/24, 3:17 PM

For anyone seeing the ghost ping here, it was a request clear some messages which I just did.

playaz44OP•6/20/24, 3:17 PM

Thank you for your reactions