SSH Cloudflare Tunnel doesn't work

Hey,
I have just bought a domain at Cloudflare and set up Argo tunnels. I was following this guide:

  1. Install cloudflared: On the VM in your Proxmox environment where you want to establish the tunnel, install the cloudflared daemon. This can typically be done with the following command if you’re running a common Linux distribution:

sudo wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb

sudo dpkg -i cloudflared-linux-amd64.deb

  1. Authenticate cloudflared:

cloudflared tunnel login

This command will open a browser window to authenticate the installation to your Cloudflare account.

  1. Create a Tunnel:

cloudflared tunnel create master

This command will create a tunnel and give you a tunnel UUID and a credentials file.

  1. Configure the Tunnel to Proxy SSH

Create a Configuration File: Create a YAML configuration file for your tunnel. You can save it as /etc/cloudflared/config.yml:

tunnel: 29f5e60d-07ea-46a9-ac54-e6804da164a7
credentials-file: /home/bambo/.cloudflared/29f5e60d-07ea-46a9-ac54-e6804da164a7.json

ingress:
  - hostname: master.onlydevops.cc
    service: ssh://localhost:22
  - service: http_status:404 # Catch-all rule

  1. Add CNAME record to Cloudflare DNS

cloudflared tunnel route dns master master.onlydevops.cc

  1. Start the Tunnel:

cloudflared tunnel run master

This command starts the tunnel. You might want to set up cloudflared as a system service so it starts on boot.

Step 4: Configure DNS

cloudflared tunnel route dns master master.onlydevops.cc

The tunnel seems to be and master.onlydevops.cc resolves to a Cloudflare IP; however, I am not able to SSH to the VM. Any idea why? Nothing interesting in the logs. It looks like Cloudflare proxy is blocking port 22?

Have you installed Cloudflared both on the client and the server?

I haven’t done anything additional to set it up on the server, but I went to Zero Trust → Network → Tunnels and I can see the tunnel is Healthy.

You need to install Cloudflared on the client as well, as explained in the link in my previous post.
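
The client-side piece this reply refers to, as an added example that is not part of the original thread: on the machine you SSH from, `ssh` has to be pointed at `cloudflared access ssh` through a `ProxyCommand`, because the tunnel hostname does not accept raw port 22 traffic. The function names below are hypothetical, and the script assumes `cloudflared` is already installed on the client.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Run on the machine you SSH *from*.
# Function names are hypothetical; the cloudflared path is passed in or detected.

# Print the ssh_config stanza for one tunnel hostname ($1) and cloudflared binary ($2).
tunnel_stanza() {
    printf 'Host %s\n    ProxyCommand %s access ssh --hostname %%h\n' "$1" "$2"
}

# Succeed if config file $2 already has a Host block for $1 that sets a ProxyCommand.
has_tunnel_stanza() {
    [ -f "$2" ] || return 1
    awk -v h="$1" '
        tolower($1) == "host"  { inblk = 0; for (i = 2; i <= NF; i++) if ($i == h) inblk = 1; next }
        tolower($1) == "match" { inblk = 0; next }
        inblk && tolower($1) == "proxycommand" { found = 1 }
        END { exit !found }
    ' "$2"
}

# Append the stanza once. Args: hostname [config file] [cloudflared path].
ensure_tunnel_host() {
    host="$1"
    cfg="${2:-$HOME/.ssh/config}"
    bin="${3:-$(command -v cloudflared || true)}"
    if [ -z "$bin" ]; then
        echo "cloudflared is not installed on this client" >&2
        return 2
    fi
    if has_tunnel_stanza "$host" "$cfg"; then
        return 0    # already configured, leave the file untouched
    fi
    mkdir -p "$(dirname "$cfg")"
    { [ -s "$cfg" ] && echo; tunnel_stanza "$host" "$bin"; } >> "$cfg"
    chmod 600 "$cfg"
}

# Usage on the client, then connect with plain ssh:
#   ensure_tunnel_host master.onlydevops.cc
#   ssh <user>@master.onlydevops.cc
```
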

It is installed on the client:
bambo@k8s-master:~/.cloudflared$ sudo systemctl status cloudflared
[sudo] password for bambo:
● cloudflared.service - cloudflared
Loaded: loaded (/etc/systemd/system/cloudflared.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-05-16 07:38:12 UTC; 1h 13min ago
Main PID: 754143 (cloudflared)
Tasks: 10 (limit: 2176)
Memory: 15.4M
CPU: 8.668s
CGroup: /system.slice/cloudflared.service
└─754143 /usr/bin/cloudflared --no-autoupdate --config /etc/cloudflared/config.yml tunnel run

May 16 07:38:11 k8s-master cloudflared[754143]: 2024-05-16T07:38:11Z INF Generated Connector ID: 54465fa1-1bfe-4584-be35-ac2156545a57
May 16 07:38:11 k8s-master cloudflared[754143]: 2024-05-16T07:38:11Z INF Initial protocol quic
May 16 07:38:11 k8s-master cloudflared[754143]: 2024-05-16T07:38:11Z INF ICMP proxy will use 192.168.1.38 as source for IPv4
May 16 07:38:11 k8s-master cloudflared[754143]: 2024-05-16T07:38:11Z INF ICMP proxy will use fd63:b536:4564:bc9f:4837:d5ff:fe7c:97ff in zone enp6s18 as sour>
May 16 07:38:11 k8s-master cloudflared[754143]: 2024-05-16T07:38:11Z INF Starting metrics server on 127.0.0.1:35285/metrics
May 16 07:38:12 k8s-master cloudflared[754143]: 2024-05-16T07:38:12Z INF Registered tunnel connection connIndex=0 connection=bd8cf693-6fa9-4742-b61c-d3d09dc>
May 16 07:38:12 k8s-master systemd[1]: Started cloudflared.
May 16 07:38:12 k8s-master cloudflared[754143]: 2024-05-16T07:38:12Z INF Registered tunnel connection connIndex=1 connection=938da9c8-3977-4885-8f81-5d6a7e8>
May 16 07:38:13 k8s-master cloudflared[754143]: 2024-05-16T07:38:13Z INF Registered tunnel connection connIndex=2 connection=c52a0a21-fd1c-4474-b076-80a6915>
May 16 07:38:14 k8s-master cloudflared[754143]: 2024-05-16T07:38:14Z INF Registered tunnel connection connIndex=3 connection=bd4fec59-cfa8-4fdd-a071-e7a54ed>
bambo@k8s-master:~/.cloudflared$ cloudflared tunnel list
You can obtain more detailed information for each tunnel with cloudflared tunnel info <name/uuid>
ID NAME CREATED CONNECTIONS
29f5e60d-07ea-46a9-ac54-e6804da164a7 master 2024-05-16T07:06:24Z 2xwaw02, 2xwaw03

Thank you! It finally worked!

Strange. I did the same setup on the 2nd machine and am now getting:
Connection closed by UNKNOWN port 65535. Do you have any clue why?