Cloudflared keeps falling back from QUIC to HTTP2

Recently I’ve been noticing that my cloudflared tunnel keeps falling back from quic to http2, breaking private DNS resolution. I can manually restart the service & it’ll establish a quic link, but after a few hours it throws the following errors:

WRN Failed to serve quic connection error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=2

WRN Serve tunnel error error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=2

INF Retrying connection in up to 1s seconds connIndex=2

WRN If this log occurs persistently, and cloudflared is unable to connect to Cloudflare Network with quic protocol, then most likely your machine/network is getting its egress UDP to port 7844 (or others) blocked or dropped. Make sure to allow egress

INF Switching to fallback protocol http2 connIndex=2

Is there a way to prevent fallback to http2 or otherwise stop this from happening?

Client version: 2022.05.1
OS/Version: Ubuntu Server LTS 20.04
Installed using Cloudflare’s Debian install instructions (i.e. deb pkg + ‘cloudflared service install {token}’, not via APT repo).
Configured remotely via Cloudflare Teams dashboard.

Yes, you can configure protocol: quic as per https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/private-hostnames-ips/#update-cloudflared

If you are using the Tunnel managed via the UI, then this property can be set as per https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/configuration/remote-management/

Implemented fix as per link #2. Haven’t observed a rollback to http2 since, though the ‘WRN Serve tunnel error error="failed to accept QUIC stream: timeout: no recent network activity"’ still occurs regularly. It does renegotiate a quic connection shortly after, however. Is this expected behavior during periods of low/no tunnel activity?
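
An added example, not part of the original posts and not Cloudflare's own tooling: a small log check that separates QUIC idle timeouts that merely reconnect from ones that end in a fallback to http2, per connIndex. The message strings are the ones quoted in this thread; the timestamps and the function names `summarize` and `degraded` are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the messages quoted in the thread.
# The timestamps are invented for this example.
SAMPLE_LOG = """\
2022-06-01T10:00:00Z WRN Failed to serve quic connection error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=2
2022-06-01T10:00:00Z WRN Serve tunnel error error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=2
2022-06-01T10:00:00Z INF Retrying connection in up to 1s seconds connIndex=2
2022-06-01T10:00:05Z INF Switching to fallback protocol http2 connIndex=2
2022-06-01T11:30:00Z WRN Serve tunnel error error="failed to accept QUIC stream: timeout: no recent network activity" connIndex=0
2022-06-01T11:30:00Z INF Retrying connection in up to 1s seconds connIndex=0
"""

CONN = re.compile(r"\bconnIndex=(\d+)\b")
# Count one timeout per incident: the "Failed to serve quic connection" line
# repeats the same error, so only the "Serve tunnel error" line is counted.
TIMEOUT = "Serve tunnel error"
IDLE = "timeout: no recent network activity"
FALLBACK = re.compile(r"Switching to fallback protocol (\S+)")


def summarize(log_text):
    """Return {connIndex: {"quic_idle_timeouts": n, "fallback": proto or None}}."""
    stats = defaultdict(lambda: {"quic_idle_timeouts": 0, "fallback": None})
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue  # not a per-connection message
        entry = stats[int(m.group(1))]
        if TIMEOUT in line and IDLE in line:
            entry["quic_idle_timeouts"] += 1
        fb = FALLBACK.search(line)
        if fb:
            entry["fallback"] = fb.group(1)
    return dict(stats)


def degraded(stats):
    """Connection indexes that left QUIC; these are the ones worth alerting on."""
    return sorted(i for i, s in stats.items() if s["fallback"])


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for idx in sorted(result):
        print(idx, result[idx])
    print("fell back:", degraded(result))
```

Alerting on `degraded` rather than on every timeout keeps the signal tied to the condition that broke private DNS resolution in the original report.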