Cloudflared + VNC and SSH break with bypass or service auth rules

user19769 · January 29, 2022, 9:13pm

I set up a web-based VNC access with cloudflared similar to this guide

Also using the same tunnel, a web-based SSH access similar to this guide

With only ‘Allow’ email rules set up with access, this works.
If I have any IP-based Bypass or Service Auth rules, then it breaks without any errors. I just get a blank screen in the browser, it is a completely empty response. Removing those rules, and my applications work as expected. So it seems we cannot use bypass or service auth access rules with these web-basesd applications.

Is it a known issue or potentially a documentation update? I was very confused at first because I started off with the bypass rules, so this could potentially confuse others as well.

Thanks,
Kyle

user8019 · February 18, 2022, 8:25pm

Same error here using web-based SSH!
Have not yet found a solution but will keep my eyes open. Let me know if you can find something.

greetings, Michel

goneizaguirre · August 9, 2022, 1:10pm

Hi, I have the same problem? Did you manage to fix it? Thanks!

floucks · January 18, 2023, 9:26pm

Hey Cloudflare! Same issue, can you respond? Looks like we’re on a year here of SSH / VNC browser rendered sessions not working with Service Auth.

kjohnson1 · January 18, 2023, 10:45pm

Hey everyone,

Yes, this is a documentation oversight. SSH and VNC applications must be used with an Allow rule action. These implementations were built to expect a user authentication as part of the flow.

add Allow Only Caveat for VNC and SSH by kennyj42 · Pull Request #7311 · cloudflare/cloudflare-docs (github.com)

I’ve opened a pull request to modify the docs and call out this limitation.

floucks · January 24, 2023, 4:46am

Thanks for the confirmation here @kjohnson1, much appreciated!!