OpenVPN: masking the original IP

I have set up OpenVPN on a Raspberry Pi. The Pi runs ddclient which regularly updates a No-IP hostname.
I connect to OpenVPN through a greyclouded CNAME ( that points to the No-IP hostname (I know that I can connect directly to the no-ip hostname but I want to use CF to be able to redirect to another address if needed).
When I connect with my VPN client the CF subdomain and port are communicated and thus the IP is also visible.
Everything works. I am curious as to if there is a way to avoid exposing the No-IP hostname thus my original home IP. Proxying the CNAME through CF doesn’t work as the client cannot find the route to the raspberry…


Short answer: no.

Basically. Cloudflare is a HTTP proxy and won’t proxy OpenVPN. You could try to setup openVPN on TCP/443. But this will definitely slow down your VPN and I am not sure if Cloudflare will proxy it. I bet they don’t

I didn’t try this yet.

1 Like

Ah got it. Any other solutions outside CF…?

And what if I use a SRV record to point to OpenVPN’s port…?

You can use a SRV record, however Cloudflare will not proxy it since the traffic is not http-based traffic.

One solution is Cloudflare Spectrum, however proxying any UDP/TCP protocol with Spectrum requires Enterprise.

1 Like

Thanks - that makes sense. Also it seems that Spectrum only works for TCP

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.