External access via CGNAT network.

Caged said:
www.cloudflare.com

Tunnel | Zero Trust App Connector

Connect applications, servers, and other resources to Cloudflare's network via encrypted outbound tunnels. No publicly routable IPs or VMs required.
www.cloudflare.com www.cloudflare.com
Click to expand...
Oh wow that might work. I guess Cloudfare would would give me a static IP I can use on my DNS for the hosting sofe of things and presume there is some config on the software from Cloudflare for it to connect to my server
 
Erm yeah that’s hard to pick one said:
Oh wow that might work. I guess Cloudfare would would give me a static IP I can use on my DNS for the hosting sofe of things and presume there is some config on the software from Cloudflare for it to connect to my server
Click to expand...

Not quite. It's all FQDN based and configured in the Cloudflare portal.

The IP addresses behind the FQDN's are reasonably dynamic (dual homed too, so there will be IPv4 & IPv6 addresses) so forget about accessing stuff by IP. You'll also have to have a domain that lives on Cloudflare's DNS servers, you can't have your DNS elsewhere and use that domain for Cloudflare tunnels. Initially I bought a new domain through Cloudflare just for the tunnel access but have since moved all my domains over to Cloudflare.

Software wise you need to install cloudflared somewhere at your end of the tunnel. I've got it on the same Raspberry Pi that I'm running PiVPN (note to self - investigate alternatives) and it's working fine.
 
the-evaluator said:
Not quite. It's all FQDN based and configured in the Cloudflare portal.

The IP addresses behind the FQDN's are reasonably dynamic (dual homed too, so there will be IPv4 & IPv6 addresses) so forget about accessing stuff by IP. You'll also have to have a domain that lives on Cloudflare's DNS servers, you can't have your DNS elsewhere and use that domain for Cloudflare tunnels. Initially I bought a new domain through Cloudflare just for the tunnel access but have since moved all my domains over to Cloudflare.

Software wise you need to install cloudflared somewhere at your end of the tunnel. I've got it on the same Raspberry Pi that I'm running PiVPN (note to self - investigate alternatives) and it's working fine.
Click to expand...
I see they offer a docker option so that works. Shame about the domain. That might be a problem. I do have ZeroTier. I wonder if I can do anything with that.

Thank you for a good quality reply covering some details.
 
Last edited:
Erm yeah that’s hard to pick one said:
I see they offer a docker option so that works. Shame about the domain. That might be a problem. I do have ZeroTier. I wonder if I can do anything with that.

Thank you for a good quality reply covering some details.
Click to expand...

Yeah, there's several ways you can run cloudflared.

Needing a domain on their DNS servers wasn't a problem for me, they sell domains at cost (I think) so I just had to remember to use mydomain.cloud instead of mydomain.com for accessing stuff at the home end of the tunnel.
 
Erm yeah that’s hard to pick one said:
By chance cloud flare doesn’t give you an IP you can use do they. Now if they do that would world a so can update my host on the dns to use that like in was at home
Click to expand...

Not as far as I know. There is of course an IP address behind the FQDN (2 x IPv4 & 2 x IPv6) but I haven't tried doing anything with them directly. If I get a chance later this afternoon I'll see what I can do with them.

I'm fairly sure they're quite dynamic though and I see a 300s TTL.
 
You don't have to change your domain or transfer it anywhere, the only requirement is that you use Cloudflare as your name server.
 
On Holiday said:
Why not just use regular web-hosting or a VPS for this?
Click to expand...
Because there is a large amount of hardware attached to the server that’s makes the server what it is and also the location of it.
the-evaluator said:
Not as far as I know. There is of course an IP address behind the FQDN (2 x IPv4 & 2 x IPv6) but I haven't tried doing anything with them directly. If I get a chance later this afternoon I'll see what I can do with them.

I'm fairly sure they're quite dynamic though and I see a 300s TTL.
Click to expand...

Fact looking at my DNS settings for my domain I could use the cloudflare site as well.
Caged said:
You don't have to change your domain or transfer it anywhere, the only requirement is that you use Cloudflare as your name server.
Click to expand...
Oh right got that option as well on my domain.
 
As @Caged says, you just need to make Cloudflare your DNS provider for your domain rather than transfer the domain to them (ie - CF acting as registra). It's a near enough painless experience with setup as their wizard handles it all, especially importing existing DNS records.

Alternatively, create a VPN server somewhere and tunnel to it; i'm sure you could even use one of the free-tiers from AWS/Azure/Google/Oracle etc.
 
I just sat down to give this a go and stuck right away as after making the account and logging in the section you need is pretty hidden. I think i was doing it right but right away limited on network names and then it wanted payment even for a free option which is a joke. Not something I was willing to do. Nor could I find anything on youtube for it.

I did try my Zero Tier option via DNS and that works but need to have ZT on the accessing device so that defeated the object
 
You must log in or register to reply here.
Back
Top Bottom