Can't seem to get tunnels to work

Firstly, I hope this is the correct location to post this.

I’m struggling pretty hard with this. If I run it through the command line it works fine:

cloudflared tunnel --hostname --url ssh://localhost:22

cloudflared access ssh --hostname --url localhost:2222

This works fine, and on the client I can ssh to and get in to the server.

If I ‘cloudflared tunnel create test’ and use the tunnel id to create a tunnel in /etc/cloudflared/config.yml it just doesn’t work. I get an error on the client side first that the hostname doesn’t exist. I’ve tried creating a CNAME record to but it’s directed to a link-local IPv6 address.

I don’t get what I’m doing wrong…

Hello @jon16 ,

First of all, it’s great that you are trying with Named Tunnels since that’s the way forward.

Have you followed through the steps in (see the 1/2/3 steps on the bottom with links)

  1. cloudflared tunnel create test
  2. cloudflared tunnel route dns test
  3. cloudflared tunnel run --url ssh://localhost:22 test

You can also see a full blown example of SSH over an Argo Tunnel with this tutorial:

Hey Nuno,

Thanks for the quick reply!

Okay that seems to work to some degree, however I can’t get it run as a service (which is my ultimate goal).

Which end? If it’s the server end, you’d need a config.yml. Something like:

tunnel: TUNNEL_ID
credentials-file: /root/.cloudflared/TUNNEL_ID.json

  - hostname:
    service: ssh://localhost:22
  - service: http_status:404 

And then something like cloudflared service install (Ubuntu 20.04 for me)

Hi sdayman,

One step closer!

So I have the server end configured now, however it seems when running it as a service it doesn’t create a DNS entry still. Everything looks good on the server end but on the client end I get:

ERROR[2021-03-09T20:44:36-05:00] failed to connect to with error: dial tcp: lookup no such host

Next step: Create a Proxied :orange: CNAME record:
Name: / Target:

The problem with that is this is what the tunnel resolves to: has IPv6 address fd10:aec2:5dae::

Make sure to delete the DNS record for your hostname if you are moving from a classic tunnel (where you specify --hostname) to a named tunnel (where you use run).

Then, the step 2 that I highlighted above will create a CNAME DNS record for your hostname →, and Cloudflare will take care of the rest for you (i.e., it’ll make sure that requests routed for that DNS will arrive to your Argo Tunnel origin).

That IPv6 address doesn’t surprise me, as it is proxied through a special connection that needs to be a unique IP address.