Delete Cloudflare tunnels with active connections

I tried to delete a Cloudflare tunnel with active connections using the Cloudflare API -

When I try to delete the tunnel, I get the following error response:
Cannot delete tunnel because it has active connections. Close any cloudflareds running the tunnel, or run cloudflared tunnel cleanup to delete stale connections, then try to delete it again.

I found the following article that describes how to using cloudflared to delete a tunnel with active connections using the -f option:

I assume there must be a similar “force” option for the Cloudflare delete tunnel API but it does not seem to be documented. Does anyone have any information about this feature?

Cloudflared is open source.

It looks like all it does is call Clean up Connections

Which is just the same clean up Cloudflare Tunnel connections you can find the API Docs

The Usage on the flag itself says the same, that it just cleans up stale connections

So it looks like there’s no way to delete a tunnel with active connections and the description on the -f option is a bit misleading, sadly.

Thanks for the timely response and info.

I think there must be a way to delete tunnels with active connections since it works from the Cloudflare web UI. Unfortunately, it looks like the actual process is not documented.

Ahhhh interesting, didn’t realize the dashboard could do it.

I looked at what the Zero Trust dashboard does, and it looks like it’s a magical query parameter, cascade=true


I just tried the sequence you provided from your inspection of cloudflared. I did “clean up tunnel connections” followed by “delete tunnel” using the API and it worked!!!

So I think your original answer based on cloudflared source code was correct.

I see. I’m happy that worked for you.

Just in case someone sees this thread in the future:

According to the API Docs, cfd_tunnel is the new API Path for tunnels, i.e

I had linked older Cloudflare Tunnel API Documentations/paths earlier, which I see now is marked as deprecated. It’s the same functionality and endpoints, just on cfd_tunnel instead of tunnels

The Clean Up Tunnel Connections API Call,, despite the documentation saying it will only remove connections that are disconnected or in a pending reconnect state, kills all connections, even alive/working ones. Calling the list tunnel connections endpoint after shows no connections.

You can then call the normal tunnel delete without issues.

The Zero Trust Dash goes about this in a different way, using an undocumented query parameter, cascade=true{account_identifier}/cfd_tunnel/{tunnel_id}?cascade=true

Cascade true seems to have the same effect, and calling the list connections endpoint after shows no connections.

So either way will work, although both don’t align with documentation, as far as I can see.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.