Cloudflare Tunnel Site-to-Site?

i have a question.
Is it possible to build a tunnel from the SFTP server via Cloudflare to the storage server?
So that the outgoing traffic from SFTP goes via CloudflareTunnel 1 to Cloudflare and from there via CloudflareTunnel 2 to the storage and back (encrypted)?

SFTP Server ( <–>CloudflareTunnel-1 “SFTP Server” <–> Cloudflare <–> Cloudflare Tunnel-2 “Storage-Server” <–> Storage (Second Private Network

Thank you :slight_smile:

The private network routing feature of Cloudflare Tunnels is point-to-site - meaning that it requires a client on the device that is accessing the remote network advertised by Tunnel.

I.E your SFTP server would have WARP and that’d allow it to talk to your storage network, which would have cloudflared somewhere to act as the ‘gateway’ into the network.

This means that the SFTP server can initiate a connection and talk back and forth with the storage network but not the other way around - if you wanted storage to be able to initiate a connection as well then you’d do the same setup but in reverse.

1 Like

thank you @KianNH. I will try it :slight_smile:

Now i have a second question, is it possible to use sftp-protocol with Cloudflare tunnel?

Storage(SFTP) <–> CloudflareTunnel1 <–> Cloudflare <–> CloudflareWARP/Access <–> e.g. BackupServer(SFTP/ is Client)

Thank you guys :slight_smile:

WARP/Private Network routing is any TCP & UDP traffic - no ICMP.

Thank you very much @KianNH, my test worked now.
I have only some understanding questions
What i understand is, you can run one or more tunnel’s inside the infratructure.
In my i.E./LAB: 1 Server with Proxmox and you have multiple VM’s,

What i understand from the docs is, you can run cloudflared tunnel on VM1 and you can configure it to protect VM2/VMN applications OR you can run on each VM a tunnel, is it right?

If yes, can you install Cloudflared Access CLI on VM1 and connect VM2 to remote Storage? i.E. VM2 Backupserver <–> VM1(Cloudflared Access CLI) <–>Cloudflare<–>CloudflareTunnel1<–>SotrageServer(AnotherDatacenter)
or you need on each VM which want to connect to protectet applicaton/server cloudflared access/WARP?

Thank you very much for you help :slight_smile: