Argo tunnel private networking config

Does anyone know if you can run this: ( alongside the configs of other tunnels in the same config.yml? @SamRhea, I figured I would tag you as you are the PM.

Not today - the private routing mode needs a distinct instance of cloudflared.


So just to confirm:

If I have an instance of cloudflared running, with a single config.yml file that has my http tunnels in it, I cannot use this instance of cloudflared to hold private routable tunnels.

This would require another cloudflared running, with its own config.yml AND a new tunnel?


Thanks for the info.

I’ve just removed all my warp private tunnels from my current cloudflared system and created a new instance (on the same bastion server).
I now have the tunnel up and running, but am unable to route to it from my client with warp on.

tunnel end is and client is

I’ve removed from the split tunnel config as per instructions, but still nothing.

Any clues?

Are you on the free plan?

I’m having this issue and yes, I’m on the free plan.

Also is this supported on the mobile Warp apps?

Nope, on Pro.

I have multiple tunnels running (either via windows servers for rdp, or bastion hosts on linux for rdp / ssh / https etc) using cloudflared on the client too.

I’ve not got a second cloudflared instance running on one of my servers to test out the new private tunnel feature - hopefully to replace remote access for staff.

However, with the warp app on my Mac, registered with Teams, routes showing on the cloudflared side, I’m getting nothing.

No routes showing in netstat etc.

I can see changes made in Teams (split tunnel settings etc.) reflected in the warp app, but no routing.

@JumpMaster they state it’s not supported on mobile in the docs.

I’ve now got this working.

Enabled layer7 https on firewall in Teams (this does not appear to be documented).
Re-enrolled my warp client (apparently this is required - or was on 23rd March from a post I found).

Upgraded to a beta client of warp as well.

I can now access anything on my private IP range, but only via IP address.

I cannot get any DNS to work, even if I try to use nslookup against our internal DNS server’s IP.

Does anyone have any info on this?

@SamRhea any help appreciated :slight_smile:

I have DNS working:
Teams Dash>Gateway>Policies>DNS>[policy name]>Custom>Add Destination>Override
On the left side add the domain to use. On the right, I have added relevant IPs.

Example: →

Add to policy and SAVE the policy. This seems to propagate within a minute or so without having to exit the client. Biggest issue so far is Active Directory can’t seem to figure out it can connect to the DC, so some Windows stuff is not acting right.

Not sure if you have to reenroll the client and/or upgrade to beta, but I did before I added the Gateway DNS policies.

Were you able to resolve the DNS issues?

Do you need to create an override for every single DNS name?

For example, could I have “” > internal DNS servers?

I’ve tried this and it doesn’t appear to be working.

Check Teams Dash>Gateway>Policies>Settings>Manage Local Domains
I’ve added my internal domain there, but it still isn’t working correctly. I can’t get DNS to work other than override. I have tried with both Beta ( and standard Warp clients.

Yea, I tried that, but it seems like you have to enter every internal domain; it doesn’t forward requests to the provided IP addresses.

It’s like setting a hosts file manually.

It even says there is no wildcard support if you try to do that. I think that’s a major oversight of the private network feature, and between that and not working on mobile, it doesn’t fit my current use case.

I’ve got a support request open with Cloudflare asking them this, as I can’t even query our in-house DNS servers with nslookup.
