Can't seem to get tunnels to work

Firstly, I hope this is the correct location to post this.

I’m struggling pretty hard with this. If I run it through the command line it works fine:

Server:
cloudflared tunnel --hostname test.example.com --url ssh://localhost:22

Client:
cloudflared access ssh --hostname test.example.com --url localhost:2222

This works fine, and on the client I can ssh to 127.0.0.1:2222 and get into the server.

If I ‘cloudflared tunnel create test’ and use the tunnel id to create a tunnel in /etc/cloudflared/config.yml it just doesn’t work. I get an error on the client side first that the hostname doesn’t exist. I’ve tried creating a CNAME record to .cfargotunnel.com but it’s directed to a link-local IPv6 address.

I don’t get what I’m doing wrong…

Hello @jon16 ,

First of all, it’s great that you are trying with Named Tunnels since that’s the way forward.

Have you followed through the steps in https://developers.cloudflare.com/cloudflare-one/connections/connect-apps? (see the 1/2/3 steps on the bottom with links)

  1. cloudflared tunnel create test
  2. cloudflared tunnel route dns test test-named.example.com
  3. cloudflared tunnel run --url ssh://localhost:22 test

You can also see a full-blown example of SSH over an Argo Tunnel with this tutorial: https://developers.cloudflare.com/cloudflare-one/tutorials/gitlab

Hey Nuno,

Thanks for the quick reply!

Okay, that seems to work to some degree, however I can’t get it to run as a service (which is my ultimate goal).

Which end? If it’s the server end, you’d need a config.yml. Something like:

tunnel: TUNNEL_ID
credentials-file: /root/.cloudflared/TUNNEL_ID.json

ingress:
  - hostname: ssh.example.com
    service: ssh://localhost:22
  - service: http_status:404

And then something like cloudflared service install (Ubuntu 20.04 for me)

Hi sdayman,

One step closer!

So I have the server end configured now, however it seems when running it as a service it doesn’t create a DNS entry still. Everything looks good on the server end but on the client end I get:

ERROR[2021-03-09T20:44:36-05:00] failed to connect to https://ssh.example.com with error: dial tcp: lookup ssh.example.com: no such host

Next step: Create a Proxied CNAME record:
Name: ssh.example.com / Target: TUNNEL_ID.cfargotunnel.com

The problem with that is this is what the tunnel resolves to:

TUNNELID.cfargotunnel.com has IPv6 address fd10:aec2:5dae::

Make sure to delete the DNS record for your hostname if you are moving from a classic tunnel (where you specify --hostname) to a named tunnel (where you use run).

Then, step 2 that I highlighted above will create a CNAME DNS record for your hostname → UUID.cfargotunnel.com, and Cloudflare will take care of the rest for you (i.e., it’ll make sure that requests routed for that DNS will arrive at your Argo Tunnel origin).

That IPv6 address doesn’t surprise me, as it is proxied through a special connection that needs to be a unique IP address.
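
An added example, not part of any post in this thread: an offline preflight for a config.yml shaped like the one posted above. It prints the CNAME each ingress hostname needs (the record step 2 creates) and warns when the last ingress rule is not a catch-all. The function names and the placeholder UUID are assumptions, and the awk parsing only handles this simple layout.

```shell
#!/bin/sh
# Added example (not from the thread): offline preflight for a named-tunnel config.yml.

# tunnel_id FILE: value of the top-level "tunnel:" key.
tunnel_id() {
  awk '$1 == "tunnel:" { print $2; exit }' "$1"
}

# expected_records FILE: the CNAME each ingress hostname needs, one per line.
expected_records() {
  id=$(tunnel_id "$1")
  awk -v id="$id" '
    { sub(/^[ \t]*-[ \t]*/, "") }            # drop the list marker, if any
    $1 == "hostname:" { printf "%s CNAME %s.cfargotunnel.com\n", $2, id }
  ' "$1"
}

# has_catch_all FILE: succeeds only if the last ingress rule has no hostname.
has_catch_all() {
  awk '
    /^ingress:/            { inside = 1; next }
    inside && /^[^ \t#-]/  { inside = 0 }      # next top-level key ends the block
    inside && /^[ \t]*-/   { rules++; host[rules] = 0 }
    inside && /hostname:/  { host[rules] = 1 }
    END                    { exit !(rules > 0 && host[rules] == 0) }
  ' "$1"
}

# Constructed sample shaped like the config posted above; the UUID is a placeholder.
sample_config() {
  cat <<'EOF'
tunnel: 00000000-0000-4000-8000-000000000000
credentials-file: /root/.cloudflared/00000000-0000-4000-8000-000000000000.json

ingress:
  - hostname: ssh.example.com
    service: ssh://localhost:22
  - service: http_status:404
EOF
}

cfg=${1:-}
if [ -z "$cfg" ]; then                         # no argument: run against the sample
  cfg=$(mktemp) && sample_config > "$cfg"
  trap 'rm -f "$cfg"' EXIT
fi
expected_records "$cfg"
has_catch_all "$cfg" || echo "warning: last ingress rule is not a catch-all" >&2
```

Compare the printed lines with the DNS records for the zone; a record left over from a classic tunnel for the same hostname has to be deleted first, as noted above. cloudflared's own `cloudflared tunnel ingress validate` checks the ingress rules against the real parser.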