Zero Trust WARP Tunnel UDP packet too large

What is the name of the domain?

baytechnologies.tech

What is the error message?

{ "ip": "198.41.192.77", "connIndex": 3, "sessionID": "9d6fbecd-3ef7-4686-90fb-73fdf3c5ec4c", "error": "origin UDP payload has 1232 bytes, which exceeds transport MTU 1200" }

What is the issue you’re encountering

UDP packets are not coming through for RDP

What steps have you taken to resolve the issue?

We have Zero Trust set up with cloudflared WARP on our Remote Desktop Server. It works fine and you can connect to the Remote Desktop Server via Cloudflare WARP (Zero Trust Tunnel) with a TCP connection - however, the UDP connection does not work. Typically, right after you connect to your Remote Desktop Session, the Remote Desktop Client will also try to create a UDP connection to help improve the experience - however, when the UDP connection is attempted, the Cloudflare Connector Log shows this:

Initial “Info” event:

Event: tcp
Message: tcp proxy stream started
Time: Sep 3 2024 • 21:50:57

{
"connIndex": 0,
"originService": "warp-routing",
"flowID": "68fd08f3-54e2-4925-9055-fda22118394d",
"destAddr": "10.10.11.11:3389"
}

Then, right after, an error is logged like this:

Event: udp
Message: Failed to send session payload from destination to transport

{
"ip": "198.41.192.77",
"connIndex": 3,
"sessionID": "9d6fbecd-3ef7-4686-90fb-73fdf3c5ec4c",
"error": "origin UDP payload has 1232 bytes, which exceeds transport MTU 1200"
}

It seems the UDP packet exceeds 1200. How do I fix this? Is it possible to increase this on Windows or Cloudflare tunnel somehow?

Thanks in advance. 🙂

Hi @cdavis1,

Unfortunately, it is not possible to increase the UDP packets in WARP. You can manually set the MTU on your device’s network interface, but this may not directly affect WARP’s tunnel. However, it might help with certain performance issues on your local network.

Hello,

I changed our MTU down to 1200 from 1500 and indeed the error went away, but the UDP tunnel is still not getting created from RDP. It works when not on Cloudflare WARP.

Do you have any other ideas or suggestions on how to make UDP with RDP work?

Thanks!

Following up on this.

The problem is that if we set the MTU size in Windows Server to 1200, the Cloudflared tunnel will not connect with the QUIC protocol - it seems that QUIC wants a minimum MTU size of 1300, otherwise you will get the error “ERR Failed to create new quic connection error="failed to dial to edge with quic: timeout: no recent network activity" connIndex=0 event=0 ip=198.41.192.67”

However, if you increase the MTU size to 1300 or greater, when you use RDP with UDP, you will see the error in the cloudflared log “ERR Failed to send session payload from destination to transport error="origin UDP payload has 1232 bytes, which exceeds transport MTU 1200" connIndex=2 event=3” the moment that RDP tries to set up the UDP connection.

So I’m a bit at a loss as to what to try next. Seems like UDP with RDP should be a pretty basic thing that Cloudflare Tunnels should be supporting.
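
Added example, not part of the thread and not Cloudflare's code: a small Python triage helper that parses both log shapes quoted above (the dashboard JSON event and the plain `ERR` line), reports how far each origin UDP payload overshoots the transport MTU, and checks an interface MTU against the 1200-byte minimum UDP datagram that RFC 9000 requires a QUIC path to carry. The function names, the header-overhead figures (IP header without options) and the third sample line are assumptions made for this example.

```python
import json
import re

# Error text as it appears in the cloudflared logs quoted in the thread.
OVERSIZE = re.compile(r"origin UDP payload has (\d+) bytes, which exceeds transport MTU (\d+)")
CONN = re.compile(r"connIndex=(\d+)")
QUIC_MIN_DATAGRAM = 1200  # RFC 9000 section 14: smallest UDP payload a QUIC path must carry
IP_UDP_OVERHEAD = {"ipv4": 20 + 8, "ipv6": 40 + 8}  # assumed: IP header without options + UDP

def parse_oversize(line):
    """Return payload/mtu/over/conn for an oversize-payload error, else None.
    Accepts the dashboard JSON event and the plain ERR log line."""
    line = line.strip()
    text, conn = line, None
    if line.startswith("{"):
        try:
            event = json.loads(line)
        except ValueError:
            return None
        text = str(event.get("error", ""))
        conn = event.get("connIndex")
    else:
        m = CONN.search(line)
        conn = int(m.group(1)) if m else None
    m = OVERSIZE.search(text)
    if not m:
        return None
    payload, mtu = int(m.group(1)), int(m.group(2))
    return {"payload": payload, "mtu": mtu, "over": payload - mtu, "conn": conn}

def quic_fits(interface_mtu, family="ipv4"):
    """True if the interface MTU leaves room for a 1200-byte QUIC datagram."""
    return interface_mtu - IP_UDP_OVERHEAD[family] >= QUIC_MIN_DATAGRAM

# Sample input: first two lines follow the thread's excerpts, the third is constructed.
SAMPLE = [
    '{"ip": "198.41.192.77", "connIndex": 3, "sessionID": "9d6fbecd-3ef7-4686-90fb-73fdf3c5ec4c", '
    '"error": "origin UDP payload has 1232 bytes, which exceeds transport MTU 1200"}',
    'ERR Failed to send session payload from destination to transport '
    'error="origin UDP payload has 1232 bytes, which exceeds transport MTU 1200" connIndex=2 event=3',
    'INF tcp proxy stream started connIndex=0',
]

if __name__ == "__main__":
    for entry in filter(None, map(parse_oversize, SAMPLE)):
        print(entry)
    for mtu in (1200, 1300, 1500):
        print(mtu, "fits QUIC minimum datagram:", quic_fits(mtu))
```

An interface MTU of 1200 leaves 1172 bytes of UDP payload over IPv4, below the QUIC minimum, which is consistent with the QUIC dial timeout reported at that setting; the 32-byte overshoot on the RDP datagrams is a separate limit inside the tunnel.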