Cloudflare DevelopersCD
Cloudflare Developers2y ago
markllama

Tunnel endpoint IP is excluded from tunnel?

TL;DR:

One IP address that should be included in a tunnel is instead routed to local default route.
All others are tunneled as expected. This behavior started suddenly 3 days ago after working as expected for almost a month.

MacOS warp client

-------

I have a tunnel set up with a pair of hosts running cloudflared for redundency. I am running warp ZT on MacoOS for the client side. It's all working as expected with one exception:

3 days ago direct ssh to one of the tunnel (tunnel2) hosts stopped connecting. The other (tunnel1) is still accessible and I can reach and examine tunnel2 by logging into tunnel1 and then across to tunnel2.

What I see if I traceroute to it is that the IP is excluded from the tunnel despite no exclude rule for the host or IP address:

traceroute 10.193.130.52
traceroute to 10.193.130.52 (10.193.130.52), 64 hops max, 40 byte packets
 1  192.168.2.1 (192.168.2.1)  1.772 ms  0.415 ms  0.299 ms
 2  192.168.1.1 (192.168.1.1)  0.751 ms  0.930 ms  0.830 ms
 3  lo0-100.bstnma-vfttp-339.verizon-gni.net (71.174.61.1)  2.045 ms  1.831 ms  1.688 ms


While the other tunnel host gets on traceroute response (because the tunnel doesn't pass ICMP)

 traceroute 10.193.130.50
traceroute to 10.193.130.50 (10.193.130.50), 64 hops max, 40 byte packets
 1  162.158.10.107 (162.158.10.107)  5.845 ms  4.189 ms  5.011 ms



As far as I can tell the tunnel daemons are working fine and the tunnel service and the network profile are fine and al the users are happy.

When I try to ping tunnel2 I get a different response than tunnel1. (tunnel1 gets a response from
Was this page helpful?