Tunnel not working when GCP VM has no public IP

I’ve got an Ubuntu VM running cloudflared. I can ssh over to the VM using the private address from a desktop running WARP perfectly fine.

But if I drop the public IP, I can no longer connect. Instead I get this message:

kex_exchange_identification: Connection closed by remote host
Connection closed by UNKNOWN port 65535

If I add a public IP back to the VM, the tunnel works again.

As for the VPC settings, I’ve got everything set to allow (just for testing purposes).

This is probably a GCP problem but I’d like to rule out CF first. Any ideas where I should look?

How did you drop the public IP? Is that what you put in your config file’s Ingress rule for that hostname?

The cloudflared config.yml? This is what mine looks like:

tunnel: a-very-long-string
credentials-file: /home/abc/.cloudflared/a-very-long-string.json
  enabled: true

What service are you trying to connect to on that server?

And if you run cloudflared tunnel list, does it show an active connection?

You didn’t mention how you dropped the public IP.

My bad. To drop the public IP, I went into the edit page of the instance in the GCP web console, and then changed External IP from Ephemeral to None.

Yes, the tunnel is listed as an active connection.

I’m only trying to ssh for now.

How about trying an Ingress Rule like this:

  - hostname: ssh.example.com
    service: ssh://localhost:22

Is there still a private IP address?

Personally, I wouldn’t go so far as to drop the public IP address because that would most likely make connections impossible. Without an IP address, I don’t even see how I could do routine maintenance without a way for packets to find their way back to the server. I just set up a firewall to drop all inbound traffic.
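
The ingress rule suggested earlier in the thread, placed in a complete config.yml, as an added example that is not from any of the posters. The tunnel ID, credentials path and hostname are the placeholders used in the thread; the final catch-all rule is added here because cloudflared requires the last ingress rule to match all traffic.

```yaml
# Added example, not a poster's actual file.
# "a-very-long-string" stands in for the tunnel UUID, as in the thread.
tunnel: a-very-long-string
credentials-file: /home/abc/.cloudflared/a-very-long-string.json

ingress:
  # Hostname from the thread's suggestion; traffic for it is handed to
  # the sshd listening on the VM itself, so no inbound port is exposed.
  - hostname: ssh.example.com
    service: ssh://localhost:22
  # Catch-all: must be last and must have no hostname. Anything that does
  # not match a rule above gets a 404 instead of reaching a local service.
  - service: http_status:404
```

Running `cloudflared tunnel ingress validate` on the VM checks the rules before the tunnel is restarted.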
