I am evaluating the use of Cloudflare Tunnels to see if they improve my effective bandwidth between my host and client.
My host/server machine (OS: Windows 10) has cloudflared tunnel set up and working for a couple HTTP test servers I have. Now I’m trying to test with [iperf3] https://github.com/esnet/iperf which runs over TCP (or optionally, [UDP] https://software.es.net/iperf/invoking.html#iperf3-manual-page)
My client (OS: MacOS 13) also has cloudflared installed via Homebrew.
Based on the CF docs, [I have to use `cloudflared` also on my client for TCP tunnels] https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/ (not the case with HTTP based services)
So here’s how I set those up:
- Start [iPerf3]
https://github.com/ar51an/iperf3-win-buildsin server mode:
PS C:\Users\x3nsjxik\Documents\iperf-3.15-win64> .\iperf3.exe -v
iperf 3.15 (cJSON 1.7.15)
CYGWIN_NT-10.0-19045 x3nsjxik 3.4.9-1.x86_64 2023-09-06 11:19 UTC x86_64
Optional features available: CPU affinity setting, support IPv4 don't fragment
PS C:\Users\x3nsjxik\Documents\iperf-3.15-win64> .\iperf3.exe -s
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
- Start
cloudflaredon the host in a new Terminal tab:
PS C:\Users\x3nsjxik> cloudflared tunnel login
A browser window should have opened at the following URL:
https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%xxx%3D
If the browser failed to open, please visit the URL above directly in your browser.
2023-09-21T05:50:00Z INF Waiting for login...
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
C:\Users\x3nsjxik\.cloudflared\cert.pem
PS C:\Users\x3nsjxik> cloudflared tunnel --hostname iperf.site.com--url tcp://localhost:5201
2023-09-21T05:50:47Z INF Thank you for trying Cloudflare Tunnel. Doing so, without a Cloudflare account, is a quick way to experiment and try it out. However, be aware that these account-less Tunnels have no uptime guarantee. If you intend to use Tunnels in production you should use a pre-created named tunnel by following: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
2023-09-21T05:50:47Z INF Requesting new quick Tunnel on trycloudflare.com...
2023-09-21T05:50:48Z INF +--------------------------------------------------------------------------------------------+
2023-09-21T05:50:48Z INF | Your quick Tunnel has been created! Visit it at (it may take some time to be reachable): |
2023-09-21T05:50:48Z INF | https://protecting-x-x-balanced.trycloudflare.com
|
2023-09-21T05:50:48Z INF +--------------------------------------------------------------------------------------------+
2023-09-21T05:50:48Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp]
2023-09-21T05:50:48Z INF Version 2023.8.2
2023-09-21T05:50:48Z INF GOOS: windows, GOVersion: go1.20.6, GoArch: amd64
2023-09-21T05:50:48Z INF Settings: map[ha-connections:1 hostname:iperf.site.com protocol:quic url:tcp://localhost:5201]
2023-09-21T05:50:48Z INF cloudflared will not automatically update on Windows systems.
2023-09-21T05:50:48Z INF Generated Connector ID: 5f7da121-0376-4bc7-9f0b-4f171995c9b0
2023-09-21T05:50:48Z INF Initial protocol quic
2023-09-21T05:50:48Z INF ICMP proxy will use x.x.0.9 as source for IPv4
2023-09-21T05:50:48Z INF ICMP proxy will use x::x:8030:db:8c65 in zone ProtonVPN TUN as source for IPv6
2023-09-21T05:50:48Z INF Starting metrics server on 127.0.0.1:64558/metrics
2023-09-21T05:50:49Z INF Registered tunnel connection connIndex=0 connection=x-2b3f-4b62-86b0-x event=0 ip=x.41.x.x location=ewr07 protocol=quic
2b. I have also tried account-less tunnels with:
PS C:\Users\x3nsjxik> cloudflared tunnel --url tcp://localhost:5201 --loglevel debug
- On the client side, I start a
cloudflaredinstance with:
MacOS ➜ cloudflared access tcp --hostname iperf.site.com --url localhost:5201
3b. or if I do it account-less like in 2b:
MacOS ➜ cloudflared access tcp --hostname protecting-x-x-balanced.trycloudflare.com --url localhost:5201
- Lastly, I start iperf3 on the client side:
➜ iperf3 -c localhost
iperf3: error - unable to connect to server - server may have stopped running or use a different port, firewall issue, etc.: Connection refused
➜ iperf3 -c localhost -p 5201
iperf3: error - unable to connect to server - server may have stopped running or use a different port, firewall issue, etc.: Connection refused
4b. I have verified that if I put my direct IP (and forwarded port) in the client iperf, it does connect:
➜ iperf3 -c x.x.x.x
Connecting to host x.x.x.x, port 5201
[ 7] local 192.168.86.250 port 57167 connected to x.x.x.x port 5201
[ ID] Interval Transfer Bitrate
[ 7] 0.00-1.00 sec 12.2 MBytes 103 Mbits/sec
[ 7] 1.00-2.00 sec 38.0 MBytes 319 Mbits/sec
[ 7] 2.00-3.00 sec 40.7 MBytes 342 Mbits/sec
[ 7] 3.00-4.00 sec 36.5 MBytes 305 Mbits/sec
[ 7] 4.00-5.00 sec 10.2 MBytes 85.7 Mbits/sec
[ 7] 5.00-6.01 sec 13.9 MBytes 116 Mbits/sec
[ 7] 6.01-7.00 sec 22.3 MBytes 188 Mbits/sec
[ 7] 7.00-8.00 sec 21.8 MBytes 182 Mbits/sec
[ 7] 8.00-9.00 sec 18.9 MBytes 158 Mbits/sec
[ 7] 9.00-10.00 sec 21.3 MBytes 179 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 7] 0.00-10.00 sec 236 MBytes 198 Mbits/sec sender
[ 7] 0.00-10.11 sec 235 MBytes 195 Mbits/sec receiver
iperf Done.
What am I doing wrong?