cloudflare tunnel over GRE

Started by simoneweb, August 13, 2024, 05:27:21 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 13, 2024, 05:27:21 AM
how do I install the cloudflared service on opensense and be able to establish a tunnel with cloudflare?

I did found this guide: https://www.jackpearce.co.uk/cloudflared-opnsense/

after the installation I coudn't find this folder: cd /usr/ports/security/cloudflared
October 07, 2024, 12:44:48 PM #1
The correct path is /usr/ports/net/cloudflared
October 25, 2024, 10:19:40 PM #2
Just to follow-up with this:

I followed the same aforementioned guide, https://www.jackpearce.co.uk/cloudflared-opnsense/

However, I am getting stuck on the portion:

"nano /usr/local/etc/rc.d/cloudflared modify so that it matches below. We're just removing ${cloudflared_conf} from the command arguments as we're supplying a token instead of using a config.yaml"

I can't seem to get to the config.yaml portion. I followed the steps and was able to do everything prior to without issue. But I guess I'm stuck at step 5
October 26, 2024, 09:53:47 AM #3
Seems to me there's (now) a typo on the page.

The page used to look like this a couple of months back:

https://web.archive.org/web/20240202030437/https://www.jackpearce.co.uk/cloudflared-opnsense/

You can clearly see that the line

Code Select
: ${cloudflared_conf:="/usr/local/etc/cloudflared/config.yml"}

is removed in the "/usr/local/etc/rc.d/cloudflared" file.

On the current version though, the line is not removed any more, which contradicts the accompanying text which states "We're just removing ${cloudflared_conf} from the command arguments".

I just added # at the beginning of this line to comment it out – I prefer it to deleting the line.

I'm not sure what you meant by "I can't seem to get to the config.yaml portion" though, so I'm not sure my comment helps.
June 03, 2025, 12:21:53 AM #4
Dear All,
I was following the same guide on the latest opnsense version, but I struggle due to the following error:

Code Select
ERR Failed to dial a quic connection error="failed to dial to edge with quic: INTERNAL_ERROR (local): tls: CurvePreferences includes unsupported curve"

I am trying to start up the service like this:
Code Select
cloudflared tunnel --post-quantum --no-autoupdate run --token my_token
Any suggestion is highly welcomed!
Thank you in advance!
June 03, 2025, 08:59:42 AM #5
Found the solution.
Cause: outdated go package

How to fix:

Code Select
cd /usr/ports/net/cloudflared
make deinstall
make cleanup

EDIT file:   /usr/ports/net/cloudflared/Makefile
FROM         USES=    cpe go:1.22,modules
TO           USES=    cpe go:1.24,modules

make install

cloudflared tunnel --no-autoupdate run --token MY_TOKEN

OPTIONAL (in case of certificate issues) :
Cloudflare Dashboard -> Tunnels -> EDIT tunnel -> Public Hostnames TAB + EDIT -> TLS -> No TLS Verify: ON
June 23, 2025, 12:04:46 PM #6
Thanks for posting the fix, it does not work for me though:

Code Select
cd /usr/ports/net/cloudflared
make deinstall
make cleanup
vi /usr/ports/net/cloudflared/Makefile
First discrepancy for me: Go Package is 1.20, not 1.22.

Code Select
PORTNAME=       cloudflared
DISTVERSION=    2023.10.0
PORTREVISION=   2
CATEGORIES=     net www

MAINTAINER=     egypcio@FreeBSD.org
COMMENT=        Cloudflare's Argo Tunnel client
WWW=            https://developers.cloudflare.com/argo-tunnel/

LICENSE=        APACHE20
LICENSE_FILE=   ${WRKSRC}/LICENSE

RUN_DEPENDS=    ca_root_nss>=0:security/ca_root_nss

USES=           cpe go:1.20,modules
USE_RC_SUBR=    ${PORTNAME}
USE_GITHUB=     yes
GH_ACCOUNT=     cloudflare
CPE_VENDOR=     cloudflare

GO_PKGNAME=     github.com/${GH_ACCOUNT}/${PORTNAME}
GO_TARGET=      ${GO_PKGNAME}/cmd/cloudflared
GO_BUILDFLAGS=  -ldflags '-s -w -extldflags "-static" -X main.Version=${PORTVERSION}'

PLIST_FILES=    bin/${PORTNAME}

.include <bsd.port.mk>

After editing it to "1.24", make install is failing:

Code Select
$ make install
===>  cloudflared-2023.10.0_2 USES=go has invalid version number: 1.24.
*** Error code 1

Stop.
make: stopped in /usr/ports/net/cloudflared
then I noticed that "make cleanup" also had failed. ("make: don't know how to make cleanup. Stop")

Also interesting, when I do "pkg remove cloudflared", then remove the "/usr/ports/net/cloudflared" folder, "pkg install cloudflared" does not recreate this folder anymore, weirdly.
June 23, 2025, 09:13:30 PM #7
Quote from: 9axqe on June 23, 2025, 12:04:46 PMAlso interesting, when I do "pkg remove cloudflared", then remove the "/usr/ports/net/cloudflared" folder, "pkg install cloudflared" does not recreate this folder anymore, weirdly.

That's expected. The files in /usr/ports/* are files used to create pkg files from source, not the other way around. pkg does not manage any of the files in /usr/ports/. As long as you didn't delete /usr/ports/.git then you can use git to restore the folder you deleted:

Code Select
cd /usr/ports
git checkout /usr/ports/net/cloudflared

Since your cloudflared Makefilewas out of date, you also need to update your ports tree (this is why your Makefile was for 2023.10.0_2, why it wanted to use go1.20 to build, and why make couldn't find 1.24 in your ports tree):

Code Select
cd /usr/ports
git pull

Or you can delete and re-initialize your ports tree with:

Code Select
cd ~
opnsense-code -r ports
opnsense-code ports

Deleting your ports tree does not deinstall any packages you built from ports. Once a package is built, that package is installed/deinstalled via pkg (that is, make deinstall is a helper that calls pkg remove with the correct arguments)
June 23, 2025, 10:40:05 PM #8
Maybe this helps explaining the fundamentals:

https://docs.freebsd.org/en/books/handbook/ports/
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
June 25, 2025, 06:10:00 PM #9
Thanks, I had some difficulties holding pkg and ports apart. Is there a command that allows to tell sw installed from packages and from ports apart?

Problem solved following the above instructions (incrementing go package to 1.24). Thanks!
June 25, 2025, 09:29:22 PM #10
Quote from: 9axqe on June 25, 2025, 06:10:00 PMThanks, I had some difficulties holding pkg and ports apart. Is there a command that allows to tell sw installed from packages and from ports apart?

No, because the ports system is what creates the packages which are then installed.

So "pkg add foo" --> install package from configured repository.

"cd /usr/ports/bar/foo; make install" --> build package locally, then install that just as if it had been from the repo.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
Print
Go Up Pages1
User actions