Ok, I'm stumped...?

I know, my title is vague. Ok, my tunnels have been working great for months… but I was experiencing WAN flapping on my OPNSense router and had to revert back to the 22.7.7 load to minimize it. It has not gone away, but during my work to resolve that problem, my Cloudflared tunnels started giving me 1033 errors and not connecting. The tunnels show healthy on the dashboard and are active, but I'm experiencing some connection issues and don't know where to go next with my troubleshooting. I have even broken my OPNSense router down to its most basic throughput, bypassing Pi-hole, Unbound and the firewall rules (which are mostly generic from OPNSense), with no joy.

I completely uninstalled Cloudflared and started over from scratch, with no joy.

I don't consider myself an expert, but I follow guidance from other experts, learning along the way as best I can. Please ask and I will provide whatever I can. I did not want to fill up this ask with information that would not be relevant.

So, through process of elimination and reading on other sites, I've turned off Unbound and adjusted my Pi-hole settings differently. I have two servers: Home Asst (runs on a Mac Pro trash can) and a Linux machine running a series of Docker containers. Both tunnels are showing up on the dashboard, but I can only connect to my Home Asst tunnel. This is progress. The Linux tunnel still shows up, but now gets a 502 error. I'll continue to diagnose.

Ok, I've determined what's blocking me, but I'm not sure how to fix it. I ran a script to allow only local LAN IPs and Cloudflare IPs. When I run # ufw disable, I can get to my tunnel IPs. Here is the list. Is there something wrong in it that I'm missing?

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    192.168.1.0/24
Anywhere                   ALLOW IN    192.168.48.0/24
Anywhere                   ALLOW IN    10.20.20.0/24
22/tcp                     ALLOW IN    Anywhere
Anywhere                   ALLOW IN    173.245.48.0/20/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    103.21.244.0/22/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    103.22.200.0/22/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    103.31.4.0/22/tcp          # Cloudflare IP
Anywhere                   ALLOW IN    141.101.64.0/18/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    108.162.192.0/18/tcp       # Cloudflare IP
Anywhere                   ALLOW IN    190.93.240.0/20/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    188.114.96.0/20/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    197.234.240.0/22/tcp       # Cloudflare IP
Anywhere                   ALLOW IN    198.41.128.0/17/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    162.158.0.0/15/tcp         # Cloudflare IP
Anywhere                   ALLOW IN    104.16.0.0/13/tcp          # Cloudflare IP
Anywhere                   ALLOW IN    104.24.0.0/14/tcp          # Cloudflare IP
Anywhere                   ALLOW IN    172.64.0.0/13/tcp          # Cloudflare IP
Anywhere                   ALLOW IN    131.0.72.0/22/tcp          # Cloudflare IP
22/tcp (v6)                ALLOW IN    Anywhere (v6)
Anywhere (v6)              ALLOW IN    2400:cb00::/32/tcp         # Cloudflare IP
Anywhere (v6)              ALLOW IN    2606:4700::/32/tcp         # Cloudflare IP
Anywhere (v6)              ALLOW IN    2803:f800::/32/tcp         # Cloudflare IP
Anywhere (v6)              ALLOW IN    2405:b500::/32/tcp         # Cloudflare IP
Anywhere (v6)              ALLOW IN    2405:8100::/32/tcp         # Cloudflare IP
Anywhere (v6)              ALLOW IN    2a06:98c0::/29/tcp         # Cloudflare IP
Anywhere (v6)              ALLOW IN    2c0f:f248::/32/tcp         # Cloudflare IP

Read the guides here:

and:

Depending on the tunnel version you're running, the outbound connection Tunnels make uses QUIC, if I recall correctly, so UDP rather than TCP. Your rules are likely blocking inbound UDP packets, causing the problem.
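The reply above points at the transport: every rule in the posted list carries a /tcp suffix, so a QUIC-based tunnel (UDP) has no rule that names its protocol. The script below is an added example, written for this page and not posted by anyone in the thread. It reads a constructed excerpt of the posted rules in `ufw status verbose` format, prints the default outgoing policy, counts rules per protocol, and prints (rather than applies) one outbound UDP rule per Cloudflare range. Two things in it come from Cloudflare's documentation rather than from the thread: cloudflared dials the edge outbound, and it does so on port 7844. ufw's default outgoing policy is allow, so the generated rules only change behaviour if that default was altered, which is why the policy is checked first.

```shell
#!/bin/sh
# Added example, not from the thread: audit a saved `ufw status verbose` listing for the
# point raised above (every rule is /tcp, so a QUIC tunnel, which is UDP, matches none),
# then emit explicit UDP rules for each Cloudflare range found in the listing.
# Port 7844 is the port Cloudflare documents for cloudflared's edge connection; the
# listing below is a constructed excerpt of the posted rules in `ufw status verbose` format.

SAMPLE_STATUS='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere                   ALLOW IN    192.168.1.0/24
22/tcp                     ALLOW IN    Anywhere
Anywhere                   ALLOW IN    173.245.48.0/20/tcp        # Cloudflare IP
Anywhere                   ALLOW IN    103.21.244.0/22/tcp        # Cloudflare IP
Anywhere (v6)              ALLOW IN    2400:cb00::/32/tcp         # Cloudflare IP'

# default_policy DIRECTION  -> default verdict for incoming|outgoing|routed.
# ufw allows outbound by default, so the tunnel's own egress is only affected
# when this prints something other than "allow" for outgoing.
default_policy() {
    printf '%s\n' "$SAMPLE_STATUS" | awk -v dir="$1" '
        /^Default:/ {
            gsub(/,/, "")
            for (i = 2; i <= NF; i++)
                if ($i == "(" dir ")") print $(i - 1)
        }'
}

# count_rules_by_proto PROTO  -> number of rules naming PROTO (tcp|udp) in the To
# or From column. A rule with no /proto suffix matches both and is not counted.
count_rules_by_proto() {
    printf '%s\n' "$SAMPLE_STATUS" | awk -v proto="$1" '
        /^To +Action/ { in_rules = 1; next }
        !in_rules || /^--/ { next }
        { sub(/#.*/, "") }                        # drop the trailing comment
        $1 ~ ("/" proto "$") || $NF ~ ("/" proto "$") { n++ }
        END { print n + 0 }'
}

# cloudflare_udp_rules  -> one `ufw allow` command per Cloudflare range, permitting
# UDP to the tunnel port. Written as outbound rules because cloudflared dials the
# edge; they are printed, not applied, so they can be reviewed first.
cloudflare_udp_rules() {
    printf '%s\n' "$SAMPLE_STATUS" | awk '
        /# Cloudflare IP/ {
            sub(/ *#.*/, "")                      # comment is last on the line
            cidr = $NF; sub(/\/tcp$/, "", cidr)   # From column minus its /tcp suffix
            printf "ufw allow out proto udp to %s port 7844\n", cidr
        }'
}

echo "default outgoing policy: $(default_policy outgoing)"
echo "tcp rules: $(count_rules_by_proto tcp)   udp rules: $(count_rules_by_proto udp)"
cloudflare_udp_rules
```

To run it against a real host, replace the constructed listing with `SAMPLE_STATUS="$(sudo ufw status verbose)"`; the IPv6 range is handled the same way as the IPv4 ones because the script takes the From column from the end of the line rather than a fixed field position.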