Closed fastily closed 5 months ago
Hi, The issue you are describing seems to be related with the OVH Edge Firewall blocking the requests of cloudflared to Cloudflare API's. There is probably some rule that you need to add to the firewall to allow the traffic to passthrough. Most of the discussions you linked are reaching the same conclusion. Since this isn't a bug with cloudflared I will close the issue. If you discover the solution, feel free to share it with the community.
If you discover the solution
@jcsf I guess I should clarify. The solution is already known: run cloudflare tunnel with --protocol http2
. I'm not interested in opening up more ports on my firewall; that's not great for security, increases my maintenance overhead, and isn't necessary to get a working tunnel anyways.
Based on the docs, it seems like cloudflared defaults to QUIC, but falls back to http2 if QUIC isn't working. This automatic fallback behavior doesn't seem to be working on OVH hosts and I was hoping you could investigate. Thanks
Hello, If you're using OVH’s Edge Network Firewall, you may want to add or allow Cloudflare’s IPv4 address list. You can find the list of Cloudflare IP addresses here: https://www.cloudflare.com/ips/ Hope this helps!
Describe the bug I'm unable to setup or use
cloudflared
on an OVH VPS if I have also enabled the OVH Edge Network Firewall.To Reproduce Steps to reproduce the behavior:
sudo cloudflared service install <YOUR_TOKEN>
command generated by the dashboard when you created your Cloudflare tunnel.If it's an issue with Cloudflare Tunnel:
Expected behavior
cloudflared service install
should successfully configure the tunnel and exitEnvironment and versions
Logs and errors None, because the above command hangs
Additional context Workaround is to disable the OVH Edge Network Firewall when setting up the Cloudflare tunnel service for the first time. Once the command exits, edit
/etc/systemd/system/cloudflared.service
so that theExecStart
line includes the--protocol http2
argument when startingcloudflared
. Example line with the changes:Be sure to reload the daemon (
sudo systemctl daemon-reload
) and restart the systemd cloudflared service after making this change.