Zero Trust as an Office VPN, why so hard?

Ok maybe I completely dump or it is simply way too hard to set up Zero Trust access!

All i want to do is use Zero Trust as an office VPN, so that when I am away, I can access specific internal IP addresses (like 192.168.1.5, 192.168.1.6 etc) through my mobile phone, laptop etc. That’s all!

What i have done is i have installed the cloudflared service on my Windows Server in the office, and i can authenticate fine through the Cloudflare Access URL i have setup.

Although once i am connected, nothing happens. Whatever IP i try to ping, access on my browser etc, everything is not working.

Can someone offer assist? What Policy and what type of application i should choose?

Have you gone through all this documentation?

The step “Ensure that traffic can reach your network” in particular is often overlooked.

Pinging the IP will not work since Zero Trust only forwards TCP and UDP traffic and a ping is neither. You will have to test by trying to access your internal services through your browser.

1 Like

In my experience it is better to connect to a domain and create as many subdomains as services you want to access, for which there are tutorials at https://developers.cloudflare.com/cloudflare-one/applications/non-http/

Start with this part of the documentation https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/remote/#set-up-a-tunnel-remotely-dashboard-setup

It’s remarkable how difficult Cloudflare made it to create a simple VPN replacement!

I have created a tunnel, I gave the private network CIDR 192.168.1.0/24, I can connect fine through my mobile phone, but the mobile phone has IP address 100.96.0.8

huh??? :thinking: