Configure tunnel endpoints
Cloudflare recommends two tunnels for each ISP and network location router combination, one per Cloudflare endpoint. Cloudflare will assign two Cloudflare endpoint addresses shortly after your onboarding kickoff call that you can use as the tunnel destinations on your network location’s routers/endpoints.
To configure the tunnels between Cloudflare and your locations, you must provide the following data for each tunnel:
- Customer edge IP address — A public Internet routable IP address that is outside of the prefixes Cloudflare will advertise on your behalf. These are generally IP addresses provided by your ISP. If you intend to use a physical or virtual connection (Cloudflare Network Interconnect), you do not need to provide edge addresses. Cloudflare will provide them.
- Interface address — A 31-bit subnet (
/31
in CIDR notation) supporting two hosts, one for each side of the tunnel. Select the subnet from the following private IP space:10.0.0.0
–10.255.255.255
172.16.0.0
–172.31.255.255
192.168.0.0
–192.168.255.255
169.254.244.0/20
- Private IP addresses — The private IP address assigned to the Cloudflare and customer sides of the tunnel
Edge routing configuration example
Tunnel | Customer edge IP | Private subnet | Customer private IP | Cloudflare private IP |
---|---|---|---|---|
TNL_1_IAD | 104.18.112.75 | 10.10.10.100/31 | 10.10.10.100 | 10.10.10.101 |
TNL_2_IAD | 104.18.112.75 | 10.10.10.102/31 | 10.10.10.102 | 10.10.10.103 |
TNL_3_ATL | 104.40.112.125 | 10.10.10.104/31 | 10.10.10.104 | 10.10.10.105 |
TNL_4_ATL | 104.40.112.125 | 10.10.10.106/31 | 10.10.10.106 | 10.10.10.107 |
Add tunnels
- Log in to your Cloudflare dashboard, and select your account.
- Select Magic WAN > Manage Magic WAN configuration > Configure.
- From the Tunnels tab, select Create.
- On the Add tunnels page, choose either a GRE tunnel or IPsec tunnel.
GRE tunnel
- On the Add GRE tunnels page, fill out the information for your GRE tunnel.
- (Optional) We recommend you test your tunnel before officially adding it. To test the tunnel, select Test tunnels.
- To add multiple tunnels, select Add GRE tunnel for each new tunnel.
- After adding your tunnel information, select Add tunnels to save your changes.
IPsec tunnel
- On the Add IPsec tunnels page, fill out the information for your IPsec tunnel.
- (Optional) We recommend you test your tunnel before officially adding it. To test the tunnel, select Test tunnels.
- To add multiple tunnels, select Add IPsec tunnel for each new tunnel.
- After adding your tunnel information, select Add tunnels to save your changes.
Edit tunnels
- From Tunnels, locate the tunnel you want to modify and select Edit. To edit multiple tunnels, select the checkboxes for each tunnel and then select Edit selected tunnels.
- On the Edit tunnels page, fill out the fields you want to modify.
- (Optional) We recommend you test your tunnel before officially adding it. To test the tunnel, select Test tunnels.
- After adding your information, select Edit tunnels to save your changes.
Note that you cannot edit the Cloudflare endpoint associated with your tunnel.
Delete tunnels
- From Tunnels, locate the tunnel you want to modify and select Delete.
- Confirm the action by selecting the checkbox and selecting Delete.