Cloudflared argo - raw TCP

marvintje123 · July 5, 2021, 7:20pm

Hi there,

I am trying to set up a argo tunnel for raw TCP/IP sockets. But I can’t get any success (don’t know if it is even possible?)

My config file looks like:

tunnel: sockets
credentials-file: redacted.json

ingress:
  - hostname: sockets.redacted.nl
    service: tcp://localhost:2222
  - service: http_status:404

My socket server is listening on port 2222
And I am trying to connect with a client on port 2222

Any suggestions?

nuno.diegues · July 5, 2021, 8:56pm

Hello @marvintje123 ,

It is possible to get TCP traffic (non HTTP) to Cloudflared Tunnel origins.

The most transparent way is to rely on WARP on your client device, as per https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel

Alternatively, you can use cloudflared itself on the client side, as per https://developers.cloudflare.com/cloudflare-one/tutorials/rdp, but that has the disadvantage that it will only work for some applications/protocols because it is not so transparent. You can see other tutorials in https://developers.cloudflare.com/cloudflare-one/tutorials for other applications on top of TCP; the idea is the same, they are just different examples.

marvintje123 · July 5, 2021, 9:30pm

Hi, thanks for the reply

The most transparent way is to rely on WARP on your client device, as per
https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel

You mean, the client then has to install warp? I think installing an extra application on the client device isn’t an option in this use case.
The user connects using an electron application to my socket server. However, currently the server IP is exposed (because I can’t proxy it trough Cloudflare). So I was looking for a solution for this (maybe this helps to come to the right answer).

nuno.diegues · July 6, 2021, 7:11am

For my own understanding, why not?

marvintje123 · July 6, 2021, 10:48am

It are non-managed clients. Most of the users don’t feel anything to install extra software on their devices.

nuno.diegues · July 6, 2021, 11:21am

But do you control that client app? If so, you could “embed” cloudflared access there somehow to proxy the tcp traffic to our edge similarly to the tutorial that I linked above for RDP, but of course, hidden from the user.

marvintje123 · July 6, 2021, 12:52pm

Hhhhhm, I’ve included cloudflared in the app now. It seems to work.
Maybe not the ideal solution I was looking for. But it works fine

system · July 9, 2021, 12:53pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.