I’m trying to set up CF Access to reach an origin server on port 22 and have configured this as an emulated browser SSH session but when connecting the authentication completes but then the page promptly goes to an error stating that the origin could not be reached and please to check that the tunnel is up and the origin is healthy.
“Unable to connect to origin. Please confirm that the tunnel is set up correctly and the origin is healthy”
The IP of the origin server is a public IP and are not setting up a tunnel or any additional origin authentication etc. No packets are received to the origin’s public IP at the time of one of these SSH login requests. Is connecting CF Access through tunnel now the only way of doing it or have I pressed a button that’s caused it to wait for a tunnel to come in from the origin rather than just to forward the traffic to the origin over the internet?
I had previously seen instructions for setting up the origin firewall to permit CF Access that mentioned that Access traffic would come from a limited IP range (could even request your own dedicated IP?) and this would give a very tightly defined hole to make in the origin firewall, but can’t see this anywhere now and all the instructions seem to relate to setting up a tunnel.
Thanks for any thoughts and what the current product offering is etc.