Hacker News

We're using Cloudflare Zero Trust quite extensively, and I find them quite easy to use. Works perfectly from AWS as well, all their endpoints have both IPv4 and IPv6 IPs.

linsomniac 3 days ago [ - ]

Maybe the tunnel they provisioned for me was just broken, because:

    $ host -t A 9c8855f1-e47f-47bf-9e0e-66938be0f076.cfargotunnel.com
    9c8855f1-e47f-47bf-9e0e-66938be0f076.cfargotunnel.com has no A record
    $ host -t AAAA 9c8855f1-e47f-47bf-9e0e-66938be0f076.cfargotunnel.com
    9c8855f1-e47f-47bf-9e0e-66938be0f076.cfargotunnel.com has IPv6 address fd10:aec2:5dae::
    $ telnet -6 9c8855f1-e47f-47bf-9e0e-66938be0f076.cfargotunnel.com 443
    Trying fd10:aec2:5dae::...
    telnet: Unable to connect to remote host: Connection timed out

I got the cloudflared running fairly easily (though their Debian package repo seemed broken and they didn't have an option listed on the setup page for downloading just the binary, I was able to find it after some searching). That part went smoothly, I just couldn't connect to the tunnel they provisioned.

johncolanduoni 3 days ago [ - ]

It’s confusing, but those tunnels are not designed to be used directly - you’re supposed to use them as an origin in a DNS record or hit them from a worker. The IPv6 address you’re getting there is actually a private (ULA) address and will not be reachable via the internet. I’m not sure why they return it at all.