CF Tunnels - subnet split?

Hi, please let me know if this isn't the correct forum for this. Right now, I have a single CF tunnel pointing to my home RFC1918 subnet (192.168.0.X/22). This works fine for my "prod" setup. I'd like to, ideally, have a second tunnel which also connects to the same home subnet, but for my "dev" instance. Is this something that I need to configure on my home network side with some /25 subnets, or is there some magic on the CF side that can enable me to do this? Essentially, I'd like to have "mydomain.com" point to production CF tunnel, and "dev.mydomain.com" point to the dev CF tunnel. I'll have separate reverse proxies to point to hosts downstream from there. Ty for any help that can be offered!
7 Replies
andrew_nyr, 3w ago
What I would probably do here is separate out the /22 into 8 /25s and then route each to whichever tunnel you want to route that one to. But with the use case of just domains on CF Tunnels, it may be even better to just allow both to access both /22s and simply manage on the dashboard which domain goes to which tunnel.
radakul (OP), 3w ago
Ty Andrew! On the 2nd bit you mentioned... I feel like the last time that I tried to do this, I got an error message in the dashboard telling me I can't have multiple tunnels point to the same network, but I could possibly be misremembering. Do you have an example handy of how this might look? Even just a screenshot would help and then I can work off of that.
andrew_nyr, 3w ago
Yeah - let me expand. For the same use case as what you're describing, you don't even need to statically route entire network segments; the normal Cloudflare Tunnels using just hostname and address to point to the correct host should do. Instead of the private network tab, I use the public hostname tab and have configuration that looks like
[Two screenshots; not preserved]
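The hostname-based routing described in the reply above, written as locally managed `cloudflared` config files. This is an added example, not part of the original thread and not the poster's configuration; the tunnel IDs, credential paths and reverse-proxy addresses are placeholders or constructed values.

```yaml
# Two separate config files, shown here as two YAML documents.
# Each cloudflared instance (prod and dev) loads only its own file.
# Values in <...> are placeholders; the 192.168.x.x addresses are
# constructed hosts inside the 192.168.0.0/22 home subnet.

# ---- prod tunnel: config.yml for the prod cloudflared instance ----
tunnel: <PROD-TUNNEL-UUID>
credentials-file: /etc/cloudflared/<PROD-TUNNEL-UUID>.json
ingress:
  # Only this hostname is forwarded, and only to the prod reverse proxy.
  - hostname: mydomain.com
    service: http://192.168.1.10:80
  # Mandatory catch-all: any other Host header is answered with 404
  # instead of being proxied into the LAN.
  - service: http_status:404
---
# ---- dev tunnel: config.yml for the dev cloudflared instance ----
tunnel: <DEV-TUNNEL-UUID>
credentials-file: /etc/cloudflared/<DEV-TUNNEL-UUID>.json
ingress:
  - hostname: dev.mydomain.com
    service: http://192.168.2.10:80
  - service: http_status:404

# DNS side: each hostname is a proxied CNAME to its own tunnel, e.g.
#   mydomain.com      -> <PROD-TUNNEL-UUID>.cfargotunnel.com
#   dev.mydomain.com  -> <DEV-TUNNEL-UUID>.cfargotunnel.com
# No private-network (CIDR) route is defined on either tunnel, so both
# connectors can sit on the same /22 without overlapping routes.
```

Each tunnel exposes exactly one internal origin, so a dev hostname cannot reach the prod proxy through its tunnel unless an ingress rule for it is added.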
andrew_nyr, 3w ago
The private networking is mainly used if you want remote WARP clients to be able to route home, similar to Tailscale.
radakul (OP), 3w ago
I gotcha... I am using Tailscale but not at scale (no pun intended!). Thank you very much for your help, let me give this a try and see if I can get it working. My limitation will be the limited configuration options in my TP-Link Deco router - the price of convenience, I guess.
andrew_nyr, 3w ago
Ah yeah, I usually recommend folks install the Cloudflare Tunnel directly on the computer/server they are hosting the website from; it makes it easier.
radakul (OP), 3w ago
That's what I've got, it's running in a container but yeah it's on my server. I was GOING to figure out how to make everything accessible only behind Tailscale, but that's a later project.
