Cloudflare Tunnel - connect my Synology NAS

What is the name of the domain?

myapp

What is the issue you’re encountering

app cannot auth

What are the steps to reproduce the issue?

I’m trying to set up Cloudflare Access on my home server, which is connected to the internet via a CF Tunnel (Cloudflare Tunnel ). The goal is to increase security.
The problem is that my Synology NAS apps don’t support Cloudflare Access’s two-factor authentication - i cant enter my mail in cf auth page when i using synology apps

How can I allow access for these apps while maintaining the added security that Cloudflare Access provides?
exclude user-agent from this access policy or even install a certificate at all family phones?
Any advice or solutions would be greatly appreciated.

You should get the link in the terminal console, CLI, then copy-paste, open in your Web browser, authenticate and it’s done.

I am using Synology NAS and cloudflared tunnel.

Did you followed some instructions or tutorial how to achieve this?

Are Cloudflare IPs allowlisted in your Synology NAS and added as Trusted Proxies? :thinking:

Other helpful topic:

Kind of the same problem: I have a Cloudflare tunnel, that always gives an error when connecting to my subdomain. This is a server on my Synology nas, not allowing two factor authentication. It relies on immediate passthrough.

Reading: You should get the link… I have no clue what to do.
I also have no clue to workaround Cloudflare popping up a Cloudflare access page when accessing my subdomain.

Listing Cloudflare ip’s on Synology nas is also a blackbox for me, which, where…

I looked at several YouTube tutorials, they dont address this problem.

Or more likely I screwed up.

Basically my question is how to not have two factor authentication?

May I ask if this is coming from Synology NAS when you’re trying to login to using your credentials? :thinking: I do have it, using Google Authenticator app for 2FA for my account(s).

Otherwise, you refer to the “Access page” where you have to enter your email, then by default the PIN code is sent to your email, and from there you can see the “Synology login screen” which you can change in the Synology NAS interface settings page? :thinking:

Thanks for the quick response.

It is not Synology, but actually the Cloudflare access screen asking for an email to send a pin.

And this is not possible with the subdomain I want to access: it needs immediate access, without any interference.

I solved my problem for now by using a Cloudflare tunnel without any access. Setup under Networks on Zero Trust.

It works now. I mitigated security issues by using a very long, coded subdomain name…

I plan to look into installing local device certificates to have secure access.