"Trouble finding the site" with tunnel public hostname - works initially

I am experimenting with ZeroTrust Tunnels, using the webgui implementation. Free plan. Tunnel connected to ORD, YYZ data centers.

I’ve run into a couple of different issues.

After creating a new tunnel, and defining a public hostname with an internal https URL (no TLS verify), I can immediately connect to the new hostname site using firefox, using DoH. The public hostname will work for a short period of time, then quit working, with trouble finding that site message. Running cloudflared from the command line with loglevel debug and transport-loglevel debug, doesn’t show any error message, the console just stops displaying any new information. Cloudflared process is still running, webgui still shows that tunnel is healthy.

Some additional oddities:

  • If I set Firefox to not use DoH, I can’t connect with firefox
  • I can’t connect with Chrome at all, with site can’t be reached message.
  • If I connect with Firefox, and it is working initially, if I try to connect from a different computer, using Firefox, the first browser gets the trouble finding site message, while the second computer/browser works for a short period of time, until the trouble finding site message occurs.
  • If while the first browser is working, I attempt to connect using Chrome, both browsers stop working
  • If I attempt to connect with Chrome first, which doesn’t work, can’t connect with Firefox
  • Have tried Chome in incognito mode as well, to disable extensions. No difference
  • nothing seems to fix the issue. Restarting cloudflared doesn’t help. Clearing firewall states doesn’t help.
  • when the browsers stop connecting, the tunnel running from the command line stops showing any new information
  • If I delete the public hostname, and make a new one in the same tunnel, I can immediately connect to the new public hostname with Firefox for a short period of time, and the cycle repeats.

Using OpnSense latest updates as a firewall. Tried both latest docker container, and latest ubuntu .deb version of cloudflared, same issue. Have tried with ipv6 enabled and disabled without any improvement.

Any thoughts on what might be causing this?