Migrating client-side Cloudflared SSH to SSH Access for Infrastructure
In my Cloudflare Zero Trust team, I have four servers which are connected to Cloudflare with Cloudflare Tunnel, but otherwise don't talk to each other. We set them up using client-side
cloudflared for SSH, which I see is now marked as "legacy", so I'm trying to migrate them to SSH with Access for Infrastructure. I've managed to connect my laptop to the network using WARP, but I've got stuck on Step 3, "Route Server IPs Through WARP". It says "you must configure WARP so that the IP/CDIR of your SSH server routes through WARP as well."
It seems to be assuming that the servers are already connected via some local network? Can I still use Access for infrastructure if they're not? My servers aren't connected by an internal network, but they're also not accessible from public IPs: everything is protected by Cloudflare Access. How am I supposed to set them up in this case?Cloudflare Docs
SSH with Access for Infrastructure (recommended)
Access for Infrastructure provides granular control over how users can connect to your SSH servers. This feature uses the same deployment model as WARP-to-Tunnel but unlocks more policy options and command logging functionality.
1 Reply
I gave each individual server a single address from RFC 1918 space and that seemed to do the trick