Zero Trust WARP client using two team names functions on one, fails on the other

I have two Cloudflare accounts with different domains each. I have set up two different Zero Trust accounts (team names), say team1 and team2.

Zero Trust settings are identical on both. Aim is to get remote access to the same private network from both team1 and team2.

On a Windows PC I have the WARP client installed. When I connect to Zero Trust using team1 as the team name, I get full access to the private network (I can access any host). When I try to connect with team2 I cannot access the private network. On some IP addresses I get a 502 bad gateway error, on others the connection just times out.

What is it I am missing to get this to work? I have tried everything I can think of and searched extensively for anyone with similar issues, but no luck.

There is no support for spanning policies across multiple organizations / teams in Cloudflare Zero Trust at this time.

Thanks for this. So if I want to set up the WARP client with team2 only, how do I go about fixing the fact it only works on team1?

Sign out of Team 1 and sign into Team 2 or consolidate the domains into a single account.

I have even tried uninstalling the WARP client and installing it with the team2 setup, followed by a reboot. It still does not allow team2 to connect to see the private network. Are there registry entries I should be deleting? One area I have yet to check.

Sounds like the tunnel configuration and network settings for Team 2 are configured incorrectly then. Verify the settings for that tunnel configuration and associated network policies for that Team/Org.

Sounds to me as if the Proxy option is disabled. Note that once enabled it takes a moment to kick in.

Proxy is on. Confident this is not the issue. Thank you for the suggestion.

I think I have found where the problem lies. This message only came up for the first time now trying to add a gateway location which already exists in my other account (was deleted in the morning). So what I learned today is that for every public IP address there can only be one gateway defined in the Cloudflare cloud. If this is the case then I will have to merge the two Cloudflare accounts, as you suggested.

Will test and update.

Issue was with the tunnel token. I uninstalled the tunnel service of team1 running in a Proxmox node behind the remote network (cloudflared service uninstall) and installed the tunnel service of team2 (cloudflared service install tunnel_token_of_team2).

Everything works. So the gateway was not the issue. The issue was the tunnel for the subnet was not initialised from a node behind the subnet.

Thank you all for your suggestions.
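
Added example, not part of the thread and not Cloudflare's own tooling: a check for the root cause found above, that the connector behind the subnet was still installed with team1's token. It assumes the token given to `cloudflared service install` is base64-encoded JSON carrying the account tag (`a`), tunnel ID (`t`) and secret (`s`); the function names and all sample values are constructed for illustration.

```python
import base64
import binascii
import json


def describe_tunnel_token(token: str) -> dict:
    """Return the non-secret fields of a connector token.

    Assumed layout: base64(JSON) with "a" = account tag, "t" = tunnel ID,
    "s" = tunnel secret. The secret is deliberately not returned.
    """
    token = token.strip()
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        fields = json.loads(base64.b64decode(padded, validate=True))
    except (binascii.Error, ValueError) as exc:
        raise ValueError("not a base64-encoded JSON token") from exc
    if not isinstance(fields, dict) or not {"a", "t", "s"} <= fields.keys():
        raise ValueError("token lacks the assumed a/t/s fields")
    return {"account_tag": str(fields["a"]), "tunnel_id": str(fields["t"])}


def token_matches(token: str, account_tag: str, tunnel_id: str) -> bool:
    """True only if the token was issued for this account and this tunnel."""
    info = describe_tunnel_token(token)
    return (info["account_tag"].lower() == account_tag.lower()
            and info["tunnel_id"].lower() == tunnel_id.lower())


def _sample_token(account_tag: str, tunnel_id: str) -> str:
    # Constructed token for the demo; the secret is a dummy value.
    raw = json.dumps({"a": account_tag, "t": tunnel_id, "s": "ZHVtbXk="})
    return base64.b64encode(raw.encode()).decode()


# Constructed identifiers, not real account or tunnel IDs.
TEAM1_ACCOUNT, TEAM2_ACCOUNT = "1" * 32, "2" * 32
TEAM1_TUNNEL = "00000000-0000-4000-8000-000000000001"
TEAM2_TUNNEL = "00000000-0000-4000-8000-000000000002"
TEAM1_TOKEN = _sample_token(TEAM1_ACCOUNT, TEAM1_TUNNEL)
TEAM2_TOKEN = _sample_token(TEAM2_ACCOUNT, TEAM2_TUNNEL)

if __name__ == "__main__":
    # The thread's situation: the connector still runs with team1's token
    # while the WARP client is enrolled in team2.
    for label, tok in (("installed", TEAM1_TOKEN), ("wanted", TEAM2_TOKEN)):
        ok = token_matches(tok, TEAM2_ACCOUNT, TEAM2_TUNNEL)
        print(label, describe_tunnel_token(tok), "matches team2:", ok)
```

The token contains the tunnel secret, so run a check like this locally and keep the token out of shell history, tickets and forum posts.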
