cloudflared icon indicating copy to clipboard operation
cloudflared copied to clipboard
verified publisher icon cloudflare

Cloudflared tunnel via proxy

Open mcartmel opened this issue 4 years ago • 6 comments

I see that cloudflared access has support for a proxy #317.

I'm trying to use cloudflared tunnel as well behind a corporate firewall, but this doesn't seem to support proxy? The connection attempt is always direct.

mcartmel avatar Apr 09 '21 04:04 mcartmel

same problem here

op69qs avatar Jun 03 '21 02:06 op69qs

Another related issue is https://github.com/cloudflare/cloudflared/issues/170. Also, 2021.7.0 has just been released and still has this problem.

Cnly avatar Jul 12 '21 17:07 Cnly

Connecting will give this error:

2021-08-12T15:15:44Z INF Starting tunnel tunnelID=30b81b81-a872-476e-a41f-fb5631cd50f3
2021-08-12T15:15:44Z INF Version 
2021-08-12T15:15:44Z INF GOOS: linux, GOVersion: go1.16.4, GoArch: amd64
2021-08-12T15:15:44Z INF Settings: map[cred-file:/etc/cloudflared/credentials.json credentials-file:/etc/cloudflared/credentials.json no-autoupdate:true]
2021-08-12T15:15:44Z INF Generated Connector ID: fee7544b-448c-4c36-8f75-4c5be7f39f3c
2021-08-12T15:15:44Z INF Initial protocol http2
2021-08-12T15:15:44Z INF Starting metrics server on 127.0.0.1:46162/metrics
2021-08-12T15:15:59Z ERR Unable to establish connection with Cloudflare edge error="DialContext error: dial tcp 198.41.200.53:7844: i/o timeout" connIndex=0
2021-08-12T15:15:59Z INF Retrying connection in up to 2s seconds connIndex=0

davidkarlsen avatar Aug 19 '21 11:08 davidkarlsen

Any update on this?

yggdrasil-tynor avatar Oct 14 '21 11:10 yggdrasil-tynor

ProxyCommand proxychains4 /usr/local/bin/cloudflared access ssh --hostname %h

Works for me.

RainYang-RY avatar Apr 17 '22 15:04 RainYang-RY

@wz1765 Please, How is your proxychains4 file configuration?

aatrcoutinho avatar Apr 23 '22 17:04 aatrcoutinho

This is something that we don't actually want to support within cloudflared. Furthermore, http2 transport only has a subset of features that cloudflared allows and the official transport to use should be QUIC, which wouldn't work for the SOCKS proxy.

joliveirinha avatar Sep 05 '23 15:09 joliveirinha

Hi. Could you please confirm if cloudflared is not expected to work on a corp environment behind a proxy (as defined by HTTP_PROXY and HTTPS_PROXY) or, if that restriction only applies to SOCKS proxy? Thanks

joaocc avatar Sep 06 '23 12:09 joaocc

After experiencing issues with Cloudflare and other services, I found a solution that worked perfectly and performed exceptionally well through a firewall:

https://github.com/FastTunnel/FastTunnel

All you need to do is set up a basic node on Google Cloud or Amazon to run the server (public IP), and then install the client on a machine within your internal network. Configuring both the server and client is straightforward in the appsettings.json file. In the client, you define the mappings for the internal machines.

aacoutinho avatar Sep 06 '23 23:09 aacoutinho

Thanks, I appreciate the pointer. However we were trying to understand if cloudflared would be expected to work in such a scenario, as we are not planning to move to another provider at this point.

joaocc avatar Sep 07 '23 07:09 joaocc