How To Setup a TCP Cloudflared Tunnel

How To Config a TCP Cloudflared Tunnel

Let’s Fix This Once, and for all!
How To Config a TCP Cloudflared Tunnel, I have searched every single thread in the community
And also all the documentation for this particular problem & other related things.
There is no “How To Do it”
The configuration for a TCP tunnel (how I did it so far)

tunnel: 6c17f73c-
credentials-file: C:\Users\User\.cloudflared\6c17f73c.json

ingress:
  - hostname: minecraft-server.n1
    service: tcp://localhost:25565

Doesn’t work, This is an example of a Minecraft server port with Cloudflared Tunnel
Now, I wanted to Tunnel a MySQL database which the config should look like this

tunnel: 1a8sdsad
credentials-file: C:\Users\User\.cloudflared\1a8sdsad.json

ingress:
  - hostname: sql-server.s1
    service: tcp://localhost:3306

But it Doesn’t work, the port is open & working…
Before I knew about Cloudflared tunnels I used the best alternative which is Ngrok Now Ngrok is a very poor service compared to Cloudflared, but it allows you to open a tunnel for a TCP service by configuring the config with a simple tag tcp://localhost:3306 and when you run it does what its spouse to do, now this is a bit different from Cloudflared but you can open a tunnel for a TCP
now on Cloudflared when you do service: tcp://localhost:3306 the tunnel appears online but no one can access it.
Maybe I and @czarkk, @user21638, @lokaminecraft, @marvintje123, @bfdnd are doing this wrong?

What About The Docs?

Well, in the docs there is no information about setting up a TCP Cloudflared Tunnel.
In the Configuration file Section on the Cloudflare Zero Trust, it explains the basic operation and configuration of HTTP tunnel, which works great :slight_smile:
In the Ingress rules when you go to the Supported protocols section on the page The first mention appears about TCP tunnels but when you implement this protocol it doesn’t work as I mentioned :point_up:

What Is Wrong? :persevere:

Maybe I am configuring it wrong, all the ports are open and are working.
This is a screenshot from Powershell


On Cloudflare Zero Trust

On Cloudflare DNS

On MySQL
image
Why is that? what is wrong?
Also the same result for the @czarkk - @user21638 cases, I made a Minecraft server and configured a TCP tunnel localhost:25565
all green in the Powershell & Cloudflare Zero Trust & Cloudflare DNS but when I tried to connect in Minecraft nothing works

Related Topics On The Same Problem

2 Likes

Hi @IMS_Network - Abe from the product team :wave:

Please feel free to shoot me a message at abe[at]Cloudflare[dot]com when you have a moment. I see a couple things going on here that are likely culprits. Once we resolve, we can circle back and clean up this thread with some guidance for other users as well.

In the meantime, it looks like the value you’re attempting to add into your ingress rules as a hostname is not a proper hostname. The hostname in the ingress rule should match the route you’re CNAMEing through Cloudflare (and you’ll need it to be fully proxied through Cloudflare as well). I also suspect the Minecraft server is sending traffic over UDP which is only supported when using the Warp + Tunnel private networks and changing the protocol to QUIC. This may be the case for your mySQL server as well, but that can vary a bit. Regardless, happy to help get this sorted!

3 Likes

Thank you for replying, I did install WARP & configured the DNS on the server PC.
Also, the certificate is valid & on https://help.teams.cloudflare.com/ it shows that the Your network is fully protected .
Then when logging in to Cloudflare Zero Trust this error pops up:
image
Now according to Set up WARP for your organization, you need to set some rules for users to connect… This is the rule that is currently set up.
image

What do you mean fully proxied through Cloudflare?

basically, if I have a CNAME in the DNS for test.ims-network.net it should be the same in the config?

tunnel: 6c17f73c-
credentials-file: C:\Users\User\.cloudflared\6c17f73c.json

ingress:
  - hostname: test.ims-network.net
    service: tcp://localhost:25565

What am I missing?

  • Warp installed
  • Certificate installed
  • Login Method is setup
  • Enrollment permissions (not sure)
  • Proxy setting enabled

I am not sure about it, but everyone is using TCP, not UDP. This is the default.
Minecraft is a heavy TCP game as @lokaminecraft explained in his topic, he doesn’t fully understand but he is kinda right. Also According to Azure Docs, this is how they explain it on Basic Game Server Hosting - Azure Gaming | Microsoft Docs

Update!

WARP is working!!
I managed to open a port for an HFS System, and it works perfectly
Now this error shows up

2022-03-26T17:24:58Z WRN Unable to establish connection. error="already connected to this server, trying another address" connIndex=3
2022-03-26T17:24:58Z WRN Connection terminated error="already connected to this server, trying another address" connIndex=3
2022-03-26T17:29:06Z WRN Unable to establish connection. error="already connected to this server, trying another address" connIndex=3
2022-03-26T17:24:45Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [::1]:5050: connectex: No connection could be made because the target machine actively refused it." cfRay=6f2194de6c33216f-DUS originService=http://localhost:5050
2022-03-26T17:24:48Z ERR  error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: dial tcp [::1]:5050: connectex: No connection could be made because the target machine actively refused it." cfRay=6f2194f2afcf216f-DUS originService=http://localhost:5050

The Main Problem wasn’t solved, I can’t setup a TCP connection. TCP just doesn’t work.

How are you trying to connect as the TCP client?
I was able to set up Minecraft with cloudflared very quickly.

A post was split to a new topic: Email issues with Cloudflare

TCP To A Minecraft server
TCP For MySQL server
Minecraft is for fun, but I really need a MySQL tunnel…
I’m able to make HTTP or HTTPS tunnels with no problems
The TCP tunnels aren’t working for me

The DNS record for the tunnel needs to be :orange: to start. This is a quick guide.

What it looks like to me is you are failing at the client connection. No where do you show cloudflared access tcp --hostname test-ims-network.net --url localhost:9210 then connecting to that port that gets opened on your local machine. Something to remember with cloudflared tunnels for non-http(s) connections is that the client machine needs cloudflared as well as the server.

I did, and this is the error when I run the tunnel @Cyb3r-Jak3

2022-03-28T18:15:33Z ERR Register tunnel error from server side error="Unauthorized: Invalid tunnel secret" connIndex=0
2022-03-28T18:15:33Z INF Retrying connection in up to 2s seconds connIndex=0
2022-03-28T18:15:34Z ERR Register tunnel error from server side error="Unauthorized: Invalid tunnel secret" connIndex=0
2022-03-28T18:15:34Z INF Retrying connection in up to 4s seconds connIndex=0
2022-03-28T18:15:36Z ERR Register tunnel error from server side error="Unauthorized: Invalid tunnel secret" connIndex=0
2022-03-28T18:15:36Z INF Retrying connection in up to 8s seconds connIndex=0
2022-03-28T18:15:43Z ERR Register tunnel error from server side error="Unauthorized: Invalid tunnel secret" connIndex=0
2022-03-28T18:15:43Z INF Retrying connection in up to 16s seconds connIndex=0
2022-03-28T18:15:56Z ERR Register tunnel error from server side error="Unauthorized: Invalid tunnel secret" connIndex=0
2022-03-28T18:16:05Z INF Retrying connection in up to 32s seconds connIndex=0

This solution requires an extra program to be on every customer’s PC that is trying to access this tunnel or connect… according to How To Connect section, this is not for running a Minecraft server but, this is amazing for a MySQL server

Also, How Can I Run all the tunnels from a Single Command, Something Like
cloudflared tunnel run --all

Yes, that is how TCP connections work with Cloudflared.

As far as I know, you can’t do that. You have to do cloudflared tunnel run for each tunnel. You could probably write a bash script for it, though.

Solved!

Read This DOC For All the info you will need
https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/

Unfortunately, Minecraft TCP isn’t supported by cloudflared tunnel

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.