Cloudflare Zero Trust - 403 for private IP addresses via Tunnel

Hi All,
I am facing a problem which seems to be an issue with Cloudflare Zero Trust.
I have a very simple setup: a tunnel connected to an internal server that has forwarding enabled.
I have added the private IP block, 192.168.x.0/24, in my private network for the tunnel.
Excluded the IP range from split routing so that traffic is routed via Cloudflare.

Now when I try to access the page, it gives a 403 error code with the access restricted page (screenshot attached). A couple of times, the server page did load correctly, but that was just one or two times. All gateway block policies are disabled.

I have tried a lot, but am unable to figure out if I am missing anything. This should ideally work. This is an internal-only network.
Can someone suggest if I am missing something?

UPDATE: Logs don't show any of the requests as blocked. Seems to be some issue with Zero Trust itself.

I am facing the same issue.

  • Tunnel setup with private CIDR block routing
  • IP Range excluded from the split tunnel

The page loaded a couple of times then I received the same “Access Restricted” error.

Did you make any progress with this?

No, there is no progress. While connecting and disconnecting, it loads once or twice, but then it’s persistently access denied.

Surprisingly, no trace in the log. I primarily used WireGuard, which worked fairly smoothly.

Seems not many people from Cloudflare are active on Zero Trust.

Can someone please look into this? This might be a big problem as it restricts a lot of other use cases.

You should look in your HTTP and DNS logs for the policy that is blocking the requests.

Nothing in the log.

What log?

What does this mean exactly?

I have read that Zero Trust tunnels use WireGuard internally under the hood.
With WireGuard as an independent protocol, I never really faced routing issues.
I am just trying to replace the current implementation using WireGuard with CF Zero Trust, but with this I am facing issues.