Establish Argo Tunnel and combine with Chisel
The free Argo tunnel when used with IPv4 can only be used for HTTP(S) traffic and not directly TCP, since that would require too many unique IPs for each port. Argo tunnel gets around this restriction by using hostnames as part of the HTTP protocol.
I've only tested setting this up on Linux (Ubuntu), but both Cloudflared and Chisel should work on Windows as well.
Long story short: we can still tunnel TCP, but only by carrying it over HTTP. We do this by combining Argo tunnel with Chisel.
Regular web-servers do not require Chisel as Cloudflare can easily forward them directly to their origins.
Set up Argo tunnel
Make sure you point the DNS of a domain to be used with Cloudflare. In my case, I needed to configure it at the nameserver at the registry. Later I can set up subdomains etc. directly in the Cloudflare interface.
Installing cloudflared
Read how to install cloudflared (can be used standalone and to install service later)
Configure tunnels and set up a service daemon
The official guide for setting up a tunnel can be found by clicking here
The official guide for setting up a service can be found by clicking here
cloudflared service install
cloudflared login
cd ~/.cloudflared
sudo cp * /etc/cloudflared/
cd /etc/cloudflared/
sudo touch config.yml
sudo nano config.yml
---
tunnel: myubuntumachine
credentials-file: /etc/cloudflared/232323232-1111-1111-2222-d2232323232.json
logfile: /var/log/cloudflared.log
transport-loglevel: error
ingress:
  - hostname: www.mydomain.dk
    service: http://localhost:8080
  - hostname: ssh.mydomain.dk
    service: ssh://localhost:22
  - service: http_status:404
---
Install Cloudflare on the server and set up tunnels
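Before starting the tunnel it is worth checking what the ingress list actually publishes. The script below is an added example, not part of the original post or of cloudflared: it reads the ingress rules from the config above, resolves a hostname the way cloudflared does (rules tried top to bottom, last rule a catch-all) and lists points to review. The function names are hypothetical, the reader handles only this flat layout, and fnmatch is used as an approximation of cloudflared's wildcard hostnames.

```python
from fnmatch import fnmatch
# Constructed sample: the page's config.yml, indented as YAML requires.
CONFIG = """\
tunnel: myubuntumachine
ingress:
  - hostname: www.mydomain.dk
    service: http://localhost:8080
  - hostname: ssh.mydomain.dk
    service: ssh://localhost:22
  - service: http_status:404
"""

def parse_ingress(text):
    """Read the flat 'ingress:' list (a minimal reader, not a YAML parser)."""
    rules, in_ingress = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace() and not line.startswith("-"):
            in_ingress = line == "ingress:"  # a new top-level key
            continue
        if in_ingress and line.startswith("-"):
            rules.append({})
            line = line[1:].strip()
        if in_ingress and rules:
            key, _, value = line.partition(":")
            rules[-1][key.strip()] = value.strip()
    return rules

def route(rules, host):
    """Rules are tried top to bottom; one without a hostname matches all."""
    for rule in rules:
        if fnmatch(host.lower(), rule.get("hostname", "*").lower()):
            return rule["service"]
    return None

def audit(rules):
    """List what a reviewer should look at before the tunnel goes live."""
    last = rules[-1] if rules else {"hostname": None}
    notes = []
    if "hostname" in last:
        notes.append("last rule is not a catch-all")
    elif not last["service"].startswith("http_status:"):
        notes.append("catch-all forwards unknown hostnames to " + last["service"])
    for rule in rules:
        scheme = rule["service"].split(":", 1)[0]
        if "hostname" in rule and scheme not in ("http", "https", "http_status"):
            notes.append(f"{rule['hostname']} exposes non-HTTP origin {rule['service']}")
    return notes
```

For the config above, audit(parse_ingress(CONFIG)) returns a single note for ssh.mydomain.dk, and any hostname not listed resolves to http_status:404.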
Testing it out with Chisel
Launch a "test server" on port 8090 (this could be any sort of tcp or http server):
sudo busybox httpd -p 8090
sudo -i
curl https://i.jpillora.com/chisel! | bash
sudo chisel client http://www.mydomain.dk 8090
Useful commands that may come in handy
cloudflared tunnel list
cloudflared tunnel info myubuntumachine
sudo service cloudflared start
sudo cloudflared tunnel --config config.yml run
cloudflared tunnel route dns myubuntumachine www.mydomain.dk
cloudflared tunnel --hostname test.mydomain.dk --url http://localhost:8080
tail -f /var/log/cloudflared.log
Access restrictions through webportal (not necessary at all)
If you wish to restrict access, you can do so this way:
https://developers.cloudflare.com/access/videos/configuring-access
Windows Chisel
It seems to work, but at the moment Windows detects the file as unsafe, so I only ran it in a sandbox.
Alternatives?
I would recommend Zerotier or Tailscale for most use cases of connecting devices and networks. They both rely on some central components, but so does Cloudflare.
Nebula:
https://github.com/slackhq/nebula
https://theorangeone.net/posts/nebula-intro/