Tunnel private network to another Tunnel private network

Hello, my objective is to make two private networks talk to one another, where each private network is using its own Tunnel that has been logged into the same Team.

As a starting point, I have followed the tutorial before located here (https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel) to create a means for outside users to run WARP, log into the Team, and access a private network IP address across a Tunnel. But what I am trying to do now is have hosts on two private networks be able to talk to one another without either host having to authenticate. My hope is that they should not have to do so, because each Tunnel has already authenticated to the Team, therefore the private networks they each advertise should be able to reach one another.

After I created both tunnels, my route list looks something like this:

[email protected]:~# cloudflared tunnel route ip list
NETWORK     COMMENT TUNNEL ID                            TUNNEL NAME CREATED              DELETED 
10.50.3.0/24        <tunnelid1>                          tunnel1     2021-12-01T19:51:04Z -       
10.50.1.0/24        <tunnelid2>                          tunnel2     2021-12-01T19:54:04Z -       
[email protected]:~#

My hope is that now, a host on private network 1 can directly reach a host on private network 2… e.g. ping from host 10.50.3.20 to host 10.50.1.20. However, this doesn’t seem to be the case. It seems like a host running Tunnel doesn’t really have a way to initiate a connection through the Tunnel to other resources that are registered within the same Team construct. Rather, it only wants to respond to connection requests coming in via the Tunnel. Is there anything I am missing?


Finally, if this is not the correct approach to the problem (using Tunnels with private network), can someone suggest an alternate way to accomplish the objective? I am trying to get hosts from two private networks in two different locations to be able to exchange traffic directly. But it’s not feasible to create some kind of site to site VPN (e.g. wireguard). No inbound traffic is being permitted to the sites, and the only outbound we have been able to get permission for is outbound Cloudflare Tunnel. Thank you.