STUN (UDP 3478) to Unifi Controller blocked by cloudflare?


I’m struggling to understand how to have Cloudflare DNS enabled and still allow UDP 3478 through to my endpoint as it appears that Cloudflare is blocking it.

Is it classed as a non-standard port/service and therefore will not work on cloudflare or is there a workaround?

  • Broken: Multiple Client sites -> Cloudflare DNS (on / orange cloud) -> (firewall ports open) Unifi Controller
  • Working: Multiple Client sites -> Cloudflare DNS (off / grey cloud) -> (firewall ports open) Unifi Controller

Related Links


Cloudflare does not proxy port 3478, particularly not on UDP.

1 Like

UniFi controllers should be :grey: or be accessed by devices by IP.


Thanks for the speedy response - I didn’t find any UDP reference so it was worth asking.


Good quality DNS is the whole reason I’m using cloudflare as a solution, so while your suggestion of IP direct access would work it’s not a sustainable solution.

What would be cool is if we can find a workaround for setting the STUN target and the management target separately so that I can do just as you suggested and set the controller to :grey: - I have seen mention of this in the documentation but I can’t find a comprehensive answer at present.


Cloudflare only supports TCP and only a limited set of ports, which are additionally split between HTTP and HTTPS.

Cloudflare has an additional product in their portfolio, Spectrum, which supports proxying of general TCP traffic but it comes at quite a hefty price tag.


Direct access would still use Cloudflare’s DNS platform, it simply wouldnt proxy through Cloudflare. If the latter is also part of the reason of you using Cloudflare you clearly cant disable it, but you’ll be subject to aforementioned restrictions.

closed #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.