Argo TCP Dial Error

mike8 · April 6, 2018, 9:49pm

Hey CF,
Seeing an issue with this when trying to create a tunnel. Is this a known issue, and are there specific ports that need to be opened in or out? Thanks.
CentOS 6.9, Argo Tunnel installed as a service. Server behind a Cisco ASA.

time="2018-04-06T17:31:22-04:00" level=error msg="Unable to dial edge" error="DialContext error: dial tcp 198.41.192.167:7844: getsockopt: connection refused"
time="2018-04-06T17:31:30-04:00" level=error msg="Unable to dial edge" error="DialContext error: dial tcp 198.41.192.167:7844: getsockopt: connection refused"
time="2018-04-06T17:31:46-04:00" level=error msg="Unable to dial edge" error="DialContext error: dial tcp 198.41.192.167:7844: getsockopt: connection refused"
time="2018-04-06T17:31:46-04:00" level=error msg="Unable to dial edge" error="DialContext error: dial tcp 198.41.192.7:7844: getsockopt: connection refused"

joaquin · April 6, 2018, 10:05pm

Hello @mike8,

It looks like your router is blocking port 7844 outbound. We use that port to connect Cloudflared to our network. What does your access policy look like on the ASA? Can you open the port for outbound connections?

Thanks,
Joaquin

mike8 · April 17, 2018, 2:27pm

I was beating my head against my desk on this. Apparently, it doesn’t like when I give this port number a service object. If I define it as a straight port number in the ACL, it’s fine. ¯_(ツ)_/¯

mike8 · April 17, 2018, 3:20pm

Actually, found a better solution for those whom care. I was able to instead use a TCP Service Group instead.