How to configure OpenVPN with Cloudflare

*We would like to migrate our On-Prem OpenVPN to CF and would like to know how to go about migrating over? Are there any instructions to do so and or some demo?

Why Wait*
Don’t wait for an answer, find it fast! Search for #CommunityTip error:
Example: #CommunityTip 521

Test Before You Post
Unsure of the issue? Test before posting using the Cloudflare Diagnostic Center: Diagnostic Center | Check SSL and Test Website Security | Cloudflare

What do you mean by migrate to CF?

Do you want to move to using Cloudflare Zero Trust for accessing on-premises resources? https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel/

If that is the equivalent of openvpn for cf then yes… i have never configured openvpn via cf before so am new to this.

I’m not too sure where Cloudflare is apart of the equation with OpenVPN - Cloudflare’s proxy (i.e for a DNS record) is only for HTTP/HTTPS.

Cloudflare Zero Trust would mean you ditch OpenVPN and use WARP & Cloudflare Tunnels for accessing internal resources.

1 Like

OpenVPN and Cloudflare are different things, even Cloudflare Access.

The short version is that OpenVPN uses certificates to create an encrypted tunnel that all of your traffic goes over. This allows you to remotely access company resources.

Cloudflare is a reverse proxy. Rather than traffic going directly to your website it goes through Cloudflare who then sends it to your website. Because Cloudflare is getting all your traffic before it reaches the destination they can apply custom filters and access controls to it. This is where Cloudflare Access comes in. With Access you can decide what conditions allow someone access to your web resources.

Now I bring both these up because there are some important differences. Access is focused on Web Resources. This means protocols like SMB are not going to be useable with Access as that’s not an HTTP thing. Others like SIP/SPICE/IMAP/SMTP/etc aren’t going to work with Access because they’re not HTTP. Cloudflare has started allowing things like RDP and SSH through Access but by and large it’s focused on HTTP resources. Where as a VPN doesn’t care what resources you’re trying to access.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.