Recently I tried to set up a UDP tunnel through the CLI. Everything works fine for my SSH access, but when it comes to connecting to UDP applications (such as TeamSpeak), it seems it always refuses my connection.
I want my applications running on my server protected by Gateway to be accessible only to users who have WARP enrolled correctly in my team (to be precise, my gaming network).
I followed this link to set up the tunnel: Via the command line · Cloudflare Zero Trust docs (I can’t paste it, but it’s the Cloudflare docs); SSH is accessible only by using WARP + cloudflared on my local PC to establish the tunnel between my client and server.
For my TeamSpeak server, I started configuring a private network over my existing tunnel with these configs:
Although it is not listed as a default ingress rule, the UDP session is correct by cloudflared.
In the end, I created, as suggested, a local fallback domain that would point the tunnel CNAME to my public IP address.
Of course, I also routed traffic from my tunnel to the public IP of my server using “cloudflared tunnel route ip add <IP/CIDR>” and created a CNAME record to connect every connection from the TeamSpeak CNAME to my tunnel.
When the tunnel starts, it works fine, but when I try to connect over the TeamSpeak service, it starts to show me multiple errors like this: “ERR Failed to send session payload from destination to transport error="read udp server_ip:58476->server_ip:53: read: connection refused" connIndex=2”.
I tried to add the standard UDP port that Cloudflare uses to my FirewallD config, but it doesn’t work; I even tried to disable FirewallD and set SELinux in Permissive mode, but it doesn’t work at all.
Do any of you have any clue what I’m missing?
PS: If you need a cloudflared debug log, tell me and I’ll find a way to share it with you without exposing too much of my personal data.