Cannot access private IP behind tunnel

Related to

Cloudflare Tunnel

What is the issue you’re encountering

timeout

What are the steps to reproduce the issue?

I have two systems. One has a public IP (system A). Another one is inside my private LAN with IP 192.168.170.131 (system B) inside a VM.
I connected both systems to the same tunnel.
I am using an IP include list, and I added 100.96.0.0/12 and 192.168.170.131/32 to the include lists. I also added 192.168.170.131/32 as part of my routes to be routed through the created tunnel.
The tunnel was just built and no other configurations exist. I enabled WARP to WARP connection, overriding IPs, and Proxy settings with TCP, UDP, and ICMP enabled.
All firewalls are disabled.
Systems can ping each other using their assigned WARP IPs, and there is no problem with it.
However, when I ping 192.168.170.131 from system A, I can see through tcpdump that the ping packets arrive at system B, but no response is generated. I also tried to reach an HTTP server on system B, but the same issue is there; I get the SYN packets but no response is generated at system B.

I was wondering whether anybody has faced a similar issue, and if yes, how they solved it.
I appreciate your responses.

Here is the output of warp-cli for both systems

System A
Merged configuration:
(derived) Always On: true
(override) Switch Locked: false
(network policy) Mode: WarpWithDnsOverHttps
(network policy) WARP tunnel protocol: MASQUE
(not set) MASQUE Protocol Settings:
HTTP Version: MASQUE (HTTP/3 with HTTP/2 fallback)
(default) Disabled for Wifi: false
(default) Disabled for Ethernet: false
(not set) qlog log until: FutureSystemTime(None)
(default) Onboarding: true
(network policy) Include mode, with hosts/ips:
100.96.0.0/12 (100.96.0.0/12)
192.168.170.131/32 (192.168.170.131/32)
(network policy) Fallback domains:
home.arpa
intranet
internal
private
localdomain
domain
lan
home
host
corp
local
localhost
invalid
test
(not set) Daemon Teams Auth: false
(network policy) Disable Auto Fallback: false
(network policy) Captive Portal: 180
(network policy) Support URL:
(network policy) Allow Mode Switch: false
(network policy) Allow Updates: false
(network policy) Allowed to Leave Org: true
(network policy) Profile ID: default
(not set) Registration Scope: System
(network policy) Register Tunnel Interface IP: true

System B

Merged configuration:
(derived) Always On: true
(override) Switch Locked: false
(network policy) Mode: WarpWithDnsOverHttps
(network policy) WARP tunnel protocol: MASQUE
(not set) MASQUE Protocol Settings:
HTTP Version: MASQUE (HTTP/3 with HTTP/2 fallback)
(default) Disabled for Wifi: false
(default) Disabled for Ethernet: false

(not set) qlog log until: FutureSystemTime(None)
(default) Onboarding: true
(network policy) Include mode, with hosts/ips:
100.96.0.0/12 (100.96.0.0/12)
192.168.170.131/32 (192.168.170.131/32)
(network policy) Fallback domains:
home.arpa
intranet
internal
private
localdomain
domain
lan
home
host
corp
local
localhost
invalid
test
(not set) Daemon Teams Auth: false
(network policy) Disable Auto Fallback: false
(network policy) Captive Portal: 180
(network policy) Support URL:
(network policy) Allow Mode Switch: false
(network policy) Allow Updates: false
(network policy) Allowed to Leave Org: true
(network policy) Profile ID: default
(not set) Registration Scope: System
(
