New Argo Tunnel Fails after 2 minutes

robsegal · December 14, 2022, 4:03am

Brand new VMware install of Ubuntu 22.04 Jammy with Apache2 and nothing else. After reboot or service restart, the tunnel fails within minutes. The previous server was online since June 2022 until the tunnel update. I have an identical server with Tomcat instead and it is flawless even after the update. Deleted and recreated the server and tunnel several times without success. Any help would be greatly appreciated. Below is what I get when I run “sudo systemctl status cloudflared”

Dec 14 03:39:17 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:17Z INF Retrying connection in up to 8s connIndex=3 ip=198.41.192.37
Dec 14 03:39:17 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:17Z ERR Failed to create new quic connection error=“failed to dial to edge with quic: timeout: no recent network activity” connIndex=2 ip=198.41.200.43
Dec 14 03:39:17 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:17Z INF Retrying connection in up to 8s connIndex=2 ip=198.41.200.43
Dec 14 03:39:17 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:17Z INF Retrying connection in up to 8s connIndex=1 ip=198.41.192.27
Dec 14 03:39:17 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:17Z ERR Failed to create new quic connection error=“failed to dial to edge with quic: timeout: no recent network activity” connIndex=0 ip=198.41.200.23
Dec 14 03:39:17 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:17Z INF Retrying connection in up to 8s connIndex=0 ip=198.41.200.23
Dec 14 03:39:18 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:18Z ERR Connection terminated error=“failed to dial to edge with quic: timeout: no recent network activity” connIndex=2
Dec 14 03:39:18 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:18Z ERR Connection terminated error=“failed to dial to edge with quic: timeout: no recent network activity” connIndex=0
Dec 14 03:39:23 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:23Z ERR Connection terminated error=“failed to dial to edge with quic: timeout: no recent network activity” connIndex=3
Dec 14 03:39:24 crm.replyreach.app cloudflared[3994]: 2022-12-14T03:39:24Z ERR Connection terminated error=“failed to dial to edge with quic: timeout: no recent network activity” connIndex=1

erictung · December 14, 2022, 4:07am

Do you have a network firewall that blocks outbound traffic to Cloudflare IP addresses port 7844 - both TCP and UDP?

robsegal · December 14, 2022, 3:09pm

Hi Erictung,

No the only firewall is the local UFW on the server itself. I have added and removed several rules for trial-and-error, but this is the basic rule set below:

ufw status
Status: active
To Action From

443 ALLOW Anywhere
22 ALLOW Anywhere
7844 ALLOW Anywhere
Apache Full ALLOW Anywhere
443 (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
7844 (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)

I ran all the connectivity dig tests and it only failed with region2.v2.argotunnel. com and api.Cloudflare. com on the first try. When I ran the test again about a minute later, it worked. Tried it again a few minutes later and noticed 5 second lag for the response.

I do have another vmware ubuntu server that I’m developing on for a medical application. Both servers are the same and is running from the same vmware host server. The medical application zero trust connection is perfect. The only difference is that it is a Tomcat server.