OpenVPN: masking the original IP


I have set up OpenVPN on a Raspberry Pi. The Pi runs ddclient which regularly updates a No-IP hostname.
I connect to OpenVPN through a greyclouded CNAME ( that points to the No-IP hostname (I know that I can connect directly to the no-ip hostname but I want to use CF to be able to redirect to another address if needed).
When I connect with my VPN client the CF subdomain and port are communicated and thus the IP is also visible.
Everything works. I am curious as to if there is a way to avoid exposing the No-IP hostname thus my original home IP. Proxying the CNAME through CF doesn’t work as the client cannot find the route to the raspberry…



Short answer: no.

Basically. Cloudflare is a HTTP proxy and won’t proxy OpenVPN. You could try to setup openVPN on TCP/443. But this will definitely slow down your VPN and I am not sure if Cloudflare will proxy it. I bet they don’t

I didn’t try this yet.


Ah got it. Any other solutions outside CF…?


And what if I use a SRV record to point to OpenVPN’s port…?


You can use a SRV record, however Cloudflare will not proxy it since the traffic is not http-based traffic.

One solution is Cloudflare Spectrum, which would proxy the traffic, however it’s currently only available for enterprise customers.


Thanks - that makes sense. Also it seems that Spectrum only works for TCP


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.