Cloudflare access - RDP - Run cloudflared as service on client machine?

I have been looking into utilizing clouflare access for an RDP tunnel. Currently I am pretty impressed seems to be working well.

I’m just wondering if there is any way to run the cloudflared.exe piece as a service from the workstation that is connecting to the tunnel? Or does the user need to run the command/use shortcut in order to initiate the connection?

I did build a batch script the fires up a silent cmd prompt with connection and then opens rdp automatically which works well but might be overkill if there is a way to run it as a service.

From what I have found so far only the tunnel side can be run as a service.

Any information would be appreciated

1 Like

Hi @3Sherpas As per your request I’m just wondering if there is any way to run the cloudflared.exe piece as a service from the workstation that is connecting to the tunnel? Have you checked cloudflared as a service.

1 Like

I have read that document. But the service only seems to run with the tunnel flag. Is it possible to run it with access rdp instead? Aka always on persistent tunnel

You need to edit the service in the standard windows way…

1 Like

Curious if there’s any way to do this. I’ve tried to add the access options to the service, but it only seems to pop up the login page if you run it in a command prompt under the users.

I don’t believe that it is possible to run the client as a service at this time because I don’t believe that the service can open a browser windows for you to authenticate. I might be mistaken on this but have yet to find a way.

I have created a couple very basic script files to workaround the need to keep CMD prompt window open while using session. I have added these files to github so that others can look/use them -

In a nutshell here is what the scripts do

  1. launch a silend cmd windows with cloudflared.exe command in it
  2. launch a rdp session from command prompt which should open a browser for cloudflare access auth
  3. cloudflared process gets killed once the RDP session is closed.

It’s probably not the best solution but I have deployed this to a handful of users and have not heard any complaints/issues yet.

2 Likes

Thanks, I’ll check that out. I was hoping that launching as a system service would allow a user to trigger the login browser when starting the RDP session, but no such luck.

If you do manage to find a service based solution then let me know.

Please see https://developers.cloudflare.com/cloudflare-one/applications/non-HTTP/CLI#authenticate-a-session-from-the-command-line for information on how to set up a client cloudflared access connection as a service and on how to use the needed token as an environment variable (https://developers.cloudflare.com/cloudflare-one/applications/non-HTTP/CLI#using-the-token-as-an-environment-variable).