Error connecting to Zero Trust tunnel on Docker

I am having a connection issue when connecting through a docker container on Unraid.

I am using the correct line and token acquired from Cloudflare Zerotrust Tunnels.

I have turned off all firewall rules/adblockers but cannot get it to connect.

docker run cloudflare/cloudflared:latest tunnel --no-autoupdate run --token XXXX

Error message in the logs:

2023-12-08T01:03:34Z INF Starting tunnel tunnelID=XXXX
2023-12-08T01:03:34Z INF Version 2023.10.0
2023-12-08T01:03:34Z INF GOOS: linux, GOVersion: go1.20.6, GoArch: amd64
2023-12-08T01:03:34Z INF Settings: map[no-autoupdate:true token:*****]
2023-12-08T01:03:34Z INF Generated Connector ID: XXXX
2023-12-08T01:03:34Z ERR Failed to fetch features, default to disable error="lookup cfd-features.argotunnel.com on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address"
2023-12-08T01:03:34Z ERR update check failed error=Get https://update.argotunnel.com?arch=amd64&clientVersion=2023.10.0&os=linux\: dial tcp: lookup update.argotunnel.com on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address"
2023-12-08T01:03:34Z WRN Unable to lookup protocol percentage.
2023-12-08T01:03:34Z INF Initial protocol quic
2023-12-08T01:03:34Z INF ICMP proxy will use 172.18.0.3 as source for IPv4
2023-12-08T01:03:34Z INF ICMP proxy will use :: as source for IPv6
2023-12-08T01:03:34Z ERR Error opening metrics server listener error="lookup localhost on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address"
Error opening metrics server listener: lookup localhost on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address


I have a more or less similar problem, but I’m on OpenWrt. Maybe I should start my own thread; sorry if this is inappropriate, but I thought the symptoms are similar.

I have GL.iNet AX1800, AXT1800 and MT6000 with up-to-date firmwares.
The first 2 routers can connect to cloudflared pretty fine with version 2023.5.1 (built 2023-05-23-2246 UTC).

On MT6000, cloudflared service won’t start at boot with any version including version 2024.2.1 (built 2024-02-20-1728 UTC).

I have already successfully set up a Cloudflare tunnel on the Cloudflare website for this router.

The issue here is that I can’t make cloudflared autorun at boot, since rebooting after that successful initial setup with cloudflare site.

When I use “cloudflared tunnel run” after boot, via SSH, it always runs fine and gets connected in a few seconds.

It seems like it read the config.yml at boot, according to the log, but the following is the first error message in the log:
{"level":"error","error":"lookup cfd-features.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"Failed to fetch features, default to disable"}

I am at my wit’s end as to how to fix this. I tried different versions of cloudflared and different versions of config files as well.

I am not using adblock or anything like that. I even set 1.1.1.1 as default DNS.
Initial protocol was set in the config.yml to be http2 because quic seems to fail every time.
I also do not have 192.168.0.1 in the network.

Log as follows. It just repeats the following like 4/5 times and then stops. But if I run it manually after boot has finished, the log has nothing about the port 53 issue, just a few lines, and it connects successfully in like 15 seconds. Reboot the router and it is no longer running:

{"level":"debug","time":"2024-02-29T09:23:47Z","message":"Loading configuration from /etc/cloudflared/config.yml"}
{"level":"info","tunnelID":"1db4e2cf-blah-blah-blah-72f6403ece27","time":"2024-02-29T09:23:47Z","message":"Starting tunnel"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"Version 2024.2.1"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"GOOS: linux, GOVersion: go1.21.5, GoArch: arm64"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"Settings: map[config:/etc/cloudflared/config.yml cred-file:/etc/cloudflared/1db4e2cf-blah-blah-blah-72f6403ece27.json credentials-file:/etc/cloudflared/1db4e2cf-blah-blah-blah-72f6403ece27.json logfile:/var/log/cloudflared.log loglevel:debug no-autoupdate:true origincert:/etc/cloudflared/cert.pem p:http2 protocol:http2 retries:20 token:*****]"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"Generated Connector ID: 22bf2c46-blah-blah-blah-348932fdb16c"}
{"level":"error","error":"lookup cfd-features.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"Failed to fetch features, default to disable"}
{"level":"error","error":"Get \"https://update.argotunnel.com?arch=arm64&clientVersion=2024.2.1&os=linux\": dial tcp: lookup update.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"update check failed"}
{"level":"debug","time":"2024-02-29T09:23:47Z","message":"Fetched protocol: http2"}
{"level":"warn","time":"2024-02-29T09:23:47Z","message":"Unable to lookup protocol percentage."}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"Initial protocol http2"}
{"level":"debug","error":"dial udp 192.168.0.1:53: connect: network is unreachable","time":"2024-02-29T09:23:47Z","message":"Failed to determine the IPv4 for this machine. It will use 0.0.0.0 to send/listen for ICMPv4 echo"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"ICMP proxy will use 0.0.0.0 as source for IPv4"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"ICMP proxy will use ::1 in zone lo as source for IPv6"}
{"level":"debug","event":0,"event":0,"domain":"_v2-origintunneld._tcp.argotunnel.com","time":"2024-02-29T09:23:47Z","message":"edge discovery: looking up edge SRV record"}
{"level":"error","event":0,"error":"lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"edge discovery: error looking up Cloudflare edge IPs: the DNS query failed"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"Please try the following things to diagnose this issue:"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"  1. ensure that argotunnel.com is returning \"origintunneld\" service records."}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"  2. ensure that your DNS resolver is not returning compressed SRV records."}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     See GitHub issue https://github.com/golang/go/issues/27546"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     For example, you could use Cloudflare's 1.1.1.1 as your resolver:"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"Starting metrics server on 127.0.0.1:33223/metrics"}
{"level":"debug","event":0,"event":0,"domain":"_v2-origintunneld._tcp.argotunnel.com","time":"2024-02-29T09:23:47Z","message":"edge discovery: looking up edge SRV record"}
{"level":"error","event":0,"error":"lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"edge discovery: error looking up Cloudflare edge IPs: the DNS query failed"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"Please try the following things to diagnose this issue:"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"  1. ensure that argotunnel.com is returning \"origintunneld\" service records."}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     Run your system's equivalent of: dig srv _origintunneld._tcp.argotunnel.com"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"  2. ensure that your DNS resolver is not returning compressed SRV records."}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     See GitHub issue https://github.com/golang/go/issues/27546"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     For example, you could use Cloudflare's 1.1.1.1 as your resolver:"}
{"level":"error","event":0,"time":"2024-02-29T09:23:47Z","message":"     https://developers.cloudflare.com/1.1.1.1/setting-up-1.1.1.1/"}
{"level":"error","error":"Could not lookup srv records on _v2-origintunneld._tcp.argotunnel.com: lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"Initiating shutdown"}
{"level":"info","time":"2024-02-29T09:23:47Z","message":"Tunnel server stopped"}
{"level":"info","time":"2024-02-29T09:23:48Z","message":"Metrics server stopped"}

Please kindly advise.
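
A triage helper for the two log formats quoted in this thread, added here as an example (it is not part of either post and not cloudflared code): it extracts Go's `lookup <name> on <resolver>: <reason>` errors from plain-text and JSON cloudflared logs and counts them per resolver and cause. The sample log is constructed from abridged lines above, and the function names are hypothetical.

```python
import json
import re
from collections import Counter

# Go's resolver reports failures as "lookup <name> on <resolver>: <reason>".
LOOKUP_RE = re.compile(r"lookup (?P<name>\S+) on (?P<resolver>\S+:\d+): (?P<reason>.+)")

# Constructed sample: lines abridged from the two log formats in this thread.
SAMPLE_LOG = r'''
2023-12-08T01:03:34Z INF Initial protocol quic
2023-12-08T01:03:34Z ERR Error opening metrics server listener error="lookup localhost on [::1]:53: dial udp [::1]:53: connect: cannot assign requested address"
{"level":"info","time":"2024-02-29T09:23:47Z","message":"Version 2024.2.1"}
{"level":"error","error":"lookup cfd-features.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"Failed to fetch features, default to disable"}
{"level":"error","error":"Get \"https://update.argotunnel.com?arch=arm64&clientVersion=2024.2.1&os=linux\": dial tcp: lookup update.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"update check failed"}
{"level":"error","event":0,"error":"lookup _v2-origintunneld._tcp.argotunnel.com on 127.0.0.1:53: server misbehaving","time":"2024-02-29T09:23:47Z","message":"edge discovery: error looking up Cloudflare edge IPs: the DNS query failed"}
'''


def extract_error(line):
    """Return the error string of one cloudflared log line, or None."""
    line = line.strip()
    if line.startswith("{"):  # JSON log format (logfile output)
        try:
            return json.loads(line).get("error")
        except json.JSONDecodeError:
            return None
    # Console format: "<time> ERR <message> error=<quoted string>"
    _, sep, tail = line.partition(" error=")
    return tail.strip('"“”') if sep else None


def dns_failures(log_text):
    """Yield (resolver, queried name, root cause) for each failed lookup."""
    for line in log_text.splitlines():
        err = extract_error(line)
        m = LOOKUP_RE.search(err) if err else None
        if m:
            # Go chains causes with ": "; the last segment is the root cause.
            yield m["resolver"], m["name"], m["reason"].rsplit(": ", 1)[-1]


def summarize(log_text):
    """Count lookup failures per (resolver, root cause)."""
    return Counter((res, cause) for res, _, cause in dns_failures(log_text))


if __name__ == "__main__":
    for (resolver, cause), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {resolver:<16} {cause}")
```

A summary where every failure points at a loopback resolver (`127.0.0.1:53` or `[::1]:53`) means the lookups never left the host, so the resolver configuration cloudflared sees at start-up is the first thing to inspect.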