Encryption on tunnel traffic?

Hey @SamRhea

Regarding the latest update to tunnels (Start building your own private network on Cloudflare today), I was wondering if traffic is encrypted in some way between CF servers on the backend or if users should always make sure the application data is encrypted with TLS, etc.?

I think when most people access resources over their corporate VPN or whatever, there’s kind of this expectation that traffic is end-to-end encrypted, so it doesn’t matter if someone runs telnet or HTTP or something, whereas with CF it’s not clear what the security posture should be.

The traffic from the client to Cloudflare’s edge is encrypted in a WireGuard-based tunnel and then the connection from the origin network to Cloudflare’s edge is over an encrypted tunnel with redundant data center connections.

Troubleshooting and FAQ · Cloudflare for Teams documentation


Hi @cscharff, thanks for your response.

I’m aware of the encryption between cloudflared and CF, and Warp and CF.

My question is in reference to the intra-CF traffic between CF data centers.

E.g. the user is connected to AMS via Warp, cloudflared is connected to ORD and IAD, how is the traffic between AMS and ORD/IAD encrypted?