RDP frequent disconnections

Hi Cloudflare community,

I am using cloudflared on both ends (client and server) to connect via RDP to a remote Windows 11 machine. At random, the RDP connection is lost about 2 to 10 times per workday. There is no log of any error from the client or the server (even with loglevel=debug). RDP event logs (and packet captures) indicate that the TCP connection is closed gracefully by cloudflared on the server computer. The server’s cloudflared daemon never loses connection to the Cloudflare servers and it is always running. The issue is the same with both HTTP2 and QUIC transports.

I have tried downgrading to 2022.6 from 2022.10, but the problem wasn’t fixed.

The next solution to me would be to compile my own version of cloudflared but with better tracing. I would rather ditch RDP through cloudflared altogether than to maintain a fork.

Here are some logs from a connection that lasted 50 minutes, then closed, then closed again almost 4 hours later:

{"level":"debug","time":"2022-12-21T16:10:10Z","message":"CF-RAY: RAYID GET / HTTP/2.0"}
{"level":"debug","CF-RAY":"RAYID","Header":"map[Accept-Encoding:[gzip] Cdn-Loop:[cloudflare] Cf-Access-Authenticated-User-Email:[[email protected]] Cf-Access-Jwt-Assertion:[jwt] Cf-Connecting-Ip:[X.X.X.X] Cf-Ipcountry:[US] Cf-Ray:[rayid] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[uuid] Sec-Websocket-Key:[BASE64] Sec-Websocket-Version:[13] User-Agent:[Go-http-client/1.1] X-Forwarded-For:[X.X.X.X] X-Forwarded-Proto:[https]]","host":"computer.company.com","path":"/","rule":0,"time":"2022-12-21T16:10:10Z","message":"Inbound request"}
{"level":"debug","time":"2022-12-21T16:10:10Z","message":"CF-RAY: RAYID Request Content length unknown"}
{"level":"debug","time":"2022-12-21T17:00:32Z","message":"origin->tunnel copy: read tcp [::1]:59523->[::1]:3389: use of closed network connection"}
{"level":"debug","time":"2022-12-21T17:00:32Z","message":"tunnel->origin copy: readfrom tcp [::1]:59523->[::1]:3389: stream error: stream ID 13; CANCEL"}
{"level":"debug","time":"2022-12-21T17:00:43Z","message":"CF-RAY: RAYID GET / HTTP/2.0"}
{"level":"debug","CF-RAY":"RAYID","Header":"map[Accept-Encoding:[gzip] Cdn-Loop:[cloudflare] Cf-Access-Authenticated-User-Email:[[email protected]] Cf-Access-Jwt-Assertion:[jwt] Cf-Connecting-Ip:[X.X.X.X] Cf-Ipcountry:[US] Cf-Ray:[rayid] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[uuid] Sec-Websocket-Key:[BASE64] Sec-Websocket-Version:[13] User-Agent:[Go-http-client/1.1] X-Forwarded-For:[X.X.X.X] X-Forwarded-Proto:[https]]","host":"computer.company.com","path":"/","rule":0,"time":"2022-12-21T17:00:43Z","message":"Inbound request"}
{"level":"debug","time":"2022-12-21T17:00:43Z","message":"CF-RAY: RAYID Request Content length unknown"}
{"level":"debug","time":"2022-12-21T20:45:44Z","message":"tunnel->origin copy: readfrom tcp [::1]:62255->[::1]:3389: stream error: stream ID 15; CANCEL"}
{"level":"debug","time":"2022-12-21T20:45:44Z","message":"origin->tunnel copy: read tcp [::1]:62255->[::1]:3389: use of closed network connection"}
{"level":"debug","time":"2022-12-21T20:45:55Z","message":"CF-RAY: RAYID GET / HTTP/2.0"}
{"level":"debug","CF-RAY":"RAYID","Header":"map[Accept-Encoding:[gzip] Cdn-Loop:[cloudflare] Cf-Access-Authenticated-User-Email:[[email protected]] Cf-Access-Jwt-Assertion:[jwt] Cf-Connecting-Ip:[X.X.X.X] Cf-Ipcountry:[US] Cf-Ray:[rayid] Cf-Visitor:[{\"scheme\":\"https\"}] Cf-Warp-Tag-Id:[uuid] Sec-Websocket-Key:[BASE64] Sec-Websocket-Version:[13] User-Agent:[Go-http-client/1.1] X-Forwarded-For:[X.X.X.X] X-Forwarded-Proto:[https]]","host":"computer.company.com","path":"/","rule":0,"time":"2022-12-21T20:45:55Z","message":"Inbound request"}
{"level":"debug","time":"2022-12-21T20:45:55Z","message":"CF-RAY: RAYID Request Content length unknown"}

The cloudflared logs from the client show this error, when it disconnected after a 1-hour session:

2022-12-21T21:05:52Z DBG Websocket response: "HTTP/1.1 101 Switching Protocols\r\nAlt-Svc: h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400\r\nCf-Cache-Status: DYNAMIC\r\nCf-Ray: RAYID\r\nConnection: upgrade\r\nDate: Wed, 21 Dec 2022 21:05:52 GMT\r\nNel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nReport-To: {\"endpoints\":[...],\"group\":\"cf-nel\",\"max_age\":604800}\r\nSec-Websocket-Accept: BASE64\r\nServer: cloudflare\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains; preload\r\nUpgrade: websocket\r\nX-Content-Type-Options: nosniff\r\n\r\n"
2022-12-21T22:08:46Z DBG tunnel->origin copy: readfrom tcp 127.0.0.1:3388->127.0.0.1:52534: websocket: close 1006 (abnormal closure): unexpected EOF
2022-12-21T22:08:46Z DBG origin->tunnel copy: read tcp 127.0.0.1:3388->127.0.0.1:52534: use of closed network connection
2022-12-21T22:08:56Z DBG Websocket request: GET / HTTP/1.1
Host: computer.company.com
 
2022-12-21T22:08:57Z DBG Access Websocket request: GET / HTTP/1.1
Host: computer.company.com
Cf-Access-Token: JWT
 
2022-12-21T22:08:57Z DBG Websocket response: "HTTP/1.1 101 Switching Protocols\r\nAlt-Svc: h3=\":443\"; ma=86400, h3-29=\":443\"; ma=86400\r\nCf-Cache-Status: DYNAMIC\r\nCf-Ray: RAYID\r\nConnection: upgrade\r\nDate: Wed, 21 Dec 2022 22:08:58 GMT\r\nNel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nReport-To: {\"endpoints\":[...],\"group\":\"cf-nel\",\"max_age\":604800}\r\nSec-Websocket-Accept: BASE64\r\nServer: cloudflare\r\nStrict-Transport-Security: max-age=15552000; includeSubDomains; preload\r\nUpgrade: websocket\r\nX-Content-Type-Options: nosniff\r\n\r\n"

Any idea or comment is very much appreciated.


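Added example, not part of the original posts and not cloudflared code: a small parser that turns the server-side debug lines above into per-session durations, reconnect delays and the tunnel-side error, so disconnects can be counted and compared across days. The names `sessions` and `summarize` are hypothetical, and the pairing assumes one proxied RDP session at a time, because these lines carry no shared session ID.

```python
import json
import re
from datetime import datetime

# Constructed sample: server-side lines from the post, "Header" field dropped.
SAMPLE = """
{"level":"debug","time":"2022-12-21T16:10:10Z","message":"Inbound request"}
{"level":"debug","time":"2022-12-21T17:00:32Z","message":"origin->tunnel copy: read tcp [::1]:59523->[::1]:3389: use of closed network connection"}
{"level":"debug","time":"2022-12-21T17:00:32Z","message":"tunnel->origin copy: readfrom tcp [::1]:59523->[::1]:3389: stream error: stream ID 13; CANCEL"}
{"level":"debug","time":"2022-12-21T17:00:43Z","message":"Inbound request"}
{"level":"debug","time":"2022-12-21T20:45:44Z","message":"tunnel->origin copy: readfrom tcp [::1]:62255->[::1]:3389: stream error: stream ID 15; CANCEL"}
{"level":"debug","time":"2022-12-21T20:45:44Z","message":"origin->tunnel copy: read tcp [::1]:62255->[::1]:3389: use of closed network connection"}
{"level":"debug","time":"2022-12-21T20:45:55Z","message":"Inbound request"}
"""

# Captures the copy direction and the error text that follows the endpoints.
COPY_RE = re.compile(r"^(origin->tunnel|tunnel->origin) copy: \w+ tcp \S+->\S+: (.*)$")

def sessions(text):
    """Pair each 'Inbound request' with the copy errors that end it.
    Assumption: one proxied session at a time (no shared ID in these lines)."""
    out, cur = [], None
    for raw in text.splitlines():
        try:
            ev = json.loads(raw)
            ts = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, KeyError, TypeError):
            continue  # blank, non-JSON or untimestamped line
        msg = ev.get("message", "")
        m = COPY_RE.match(msg)
        if msg == "Inbound request":
            if cur and cur["end"]:  # how long the client took to come back
                cur["reconnect_s"] = int((ts - cur["end"]).total_seconds())
            cur = {"start": ts, "end": None, "errors": {}, "reconnect_s": None}
            out.append(cur)
        elif m and cur:
            cur["end"] = cur["end"] or ts  # first teardown line ends the session
            cur["errors"][m.group(1)] = m.group(2)
    return out

def summarize(text):
    """(start, duration_s, reconnect_s, tunnel-side error) per closed session."""
    return [(s["start"].isoformat(), int((s["end"] - s["start"]).total_seconds()),
             s["reconnect_s"], s["errors"].get("tunnel->origin"))
            for s in sessions(text) if s["end"]]

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On the posted lines this reports sessions of 3022 s and 13501 s, each followed by a new inbound request 11 s later.
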
I have updated the OP with the client’s logs.


This happens to us as well. Sometimes I can go nearly all day without disconnections but other times I’ll get disconnected 5 - 6 times within an hour. It’s maddeningly random but it seems to happen to everyone, but almost never at the same time.

Several of us have resorted to dropping from warp and connecting to our trusty old fw vpn which never has this issue.

You can try using WARP and v-nets instead, since the cloudflared CLI is clearly not fit to be used as a client for long-term TCP connections.