Setting up a tunnel around iperf3

I am evaluating the use of Cloudflare Tunnels to see if they improve my effective bandwidth between my host and client.

My host/server machine (OS: Windows 10) has cloudflared tunnel set up and working for a couple HTTP test servers I have. Now I’m trying to test with [iperf3] https://github.com/esnet/iperf which runs over TCP (or optionally, [UDP] https://software.es.net/iperf/invoking.html#iperf3-manual-page)

My client (OS: MacOS 13) also has cloudflared installed via Homebrew.

Based on the CF docs, [I have to use `cloudflared` also on my client for TCP tunnels] https://developers.cloudflare.com/cloudflare-one/applications/non-http/arbitrary-tcp/ (not the case with HTTP based services)

So here’s how I set those up:

  1. Start [iPerf3] https://github.com/ar51an/iperf3-win-builds in server mode:
PS C:\Users\x3nsjxik\Documents\iperf-3.15-win64> .\iperf3.exe -v
iperf 3.15 (cJSON 1.7.15)
CYGWIN_NT-10.0-19045 x3nsjxik 3.4.9-1.x86_64 2023-09-06 11:19 UTC x86_64
Optional features available: CPU affinity setting, support IPv4 don't fragment
PS C:\Users\x3nsjxik\Documents\iperf-3.15-win64> .\iperf3.exe -s
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
  1. Start cloudflared on the host in a new Terminal tab:
PS C:\Users\x3nsjxik> cloudflared tunnel login
A browser window should have opened at the following URL:

https://dash.cloudflare.com/argotunnel?aud=&callback=https%3A%2F%2Flogin.cloudflareaccess.org%xxx%3D

If the browser failed to open, please visit the URL above directly in your browser.
2023-09-21T05:50:00Z INF Waiting for login...
You have successfully logged in.
If you wish to copy your credentials to a server, they have been saved to:
C:\Users\x3nsjxik\.cloudflared\cert.pem
PS C:\Users\x3nsjxik> cloudflared tunnel --hostname iperf.site.com--url tcp://localhost:5201
2023-09-21T05:50:47Z INF Thank you for trying Cloudflare Tunnel. Doing so, without a Cloudflare account, is a quick way to experiment and try it out. However, be aware that these account-less Tunnels have no uptime guarantee. If you intend to use Tunnels in production you should use a pre-created named tunnel by following: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps
2023-09-21T05:50:47Z INF Requesting new quick Tunnel on trycloudflare.com...
2023-09-21T05:50:48Z INF +--------------------------------------------------------------------------------------------+
2023-09-21T05:50:48Z INF |  Your quick Tunnel has been created! Visit it at (it may take some time to be reachable):  |
2023-09-21T05:50:48Z INF |  https://protecting-x-x-balanced.trycloudflare.com
        |
2023-09-21T05:50:48Z INF +--------------------------------------------------------------------------------------------+
2023-09-21T05:50:48Z INF Cannot determine default configuration path. No file [config.yml config.yaml] in [~/.cloudflared ~/.cloudflare-warp ~/cloudflare-warp]
2023-09-21T05:50:48Z INF Version 2023.8.2
2023-09-21T05:50:48Z INF GOOS: windows, GOVersion: go1.20.6, GoArch: amd64
2023-09-21T05:50:48Z INF Settings: map[ha-connections:1 hostname:iperf.site.com protocol:quic url:tcp://localhost:5201]
2023-09-21T05:50:48Z INF cloudflared will not automatically update on Windows systems.
2023-09-21T05:50:48Z INF Generated Connector ID: 5f7da121-0376-4bc7-9f0b-4f171995c9b0
2023-09-21T05:50:48Z INF Initial protocol quic
2023-09-21T05:50:48Z INF ICMP proxy will use x.x.0.9 as source for IPv4
2023-09-21T05:50:48Z INF ICMP proxy will use x::x:8030:db:8c65 in zone ProtonVPN TUN as source for IPv6
2023-09-21T05:50:48Z INF Starting metrics server on 127.0.0.1:64558/metrics
2023-09-21T05:50:49Z INF Registered tunnel connection connIndex=0 connection=x-2b3f-4b62-86b0-x event=0 ip=x.41.x.x location=ewr07 protocol=quic

2b. I have also tried account-less tunnels with:
PS C:\Users\x3nsjxik> cloudflared tunnel --url tcp://localhost:5201 --loglevel debug

  1. On the client side, I start a cloudflared instance with:
    MacOS ➜ cloudflared access tcp --hostname iperf.site.com --url localhost:5201

3b. or if I do it account-less like in 2b:
MacOS ➜ cloudflared access tcp --hostname protecting-x-x-balanced.trycloudflare.com --url localhost:5201

  1. Lastly, I start iperf3 on the client side:
➜  iperf3 -c localhost
iperf3: error - unable to connect to server - server may have stopped running or use a different port, firewall issue, etc.: Connection refused
➜  iperf3 -c localhost -p 5201
iperf3: error - unable to connect to server - server may have stopped running or use a different port, firewall issue, etc.: Connection refused

4b. I have verified that if I put my direct IP (and forwarded port) in the client iperf, it does connect:

➜  iperf3 -c x.x.x.x   
Connecting to host x.x.x.x, port 5201
[  7] local 192.168.86.250 port 57167 connected to x.x.x.x port 5201
[ ID] Interval           Transfer     Bitrate
[  7]   0.00-1.00   sec  12.2 MBytes   103 Mbits/sec                  
[  7]   1.00-2.00   sec  38.0 MBytes   319 Mbits/sec                  
[  7]   2.00-3.00   sec  40.7 MBytes   342 Mbits/sec                  
[  7]   3.00-4.00   sec  36.5 MBytes   305 Mbits/sec                  
[  7]   4.00-5.00   sec  10.2 MBytes  85.7 Mbits/sec                  
[  7]   5.00-6.01   sec  13.9 MBytes   116 Mbits/sec                  
[  7]   6.01-7.00   sec  22.3 MBytes   188 Mbits/sec                  
[  7]   7.00-8.00   sec  21.8 MBytes   182 Mbits/sec                  
[  7]   8.00-9.00   sec  18.9 MBytes   158 Mbits/sec                  
[  7]   9.00-10.00  sec  21.3 MBytes   179 Mbits/sec                  
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  7]   0.00-10.00  sec   236 MBytes   198 Mbits/sec                  sender
[  7]   0.00-10.11  sec   235 MBytes   195 Mbits/sec                  receiver

iperf Done.

What am I doing wrong?

Hi, any help?

Hi, I’m here searching for similar error.
After a wait, I found that iperf3 -c take IP, not domain, so instead of localhost try 127.0.0.1.

iperf3 -c 127.0.0.1 work for me: