Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JSON credentials differ when re-downloading existing tunnel credentials via cloudflared tunnel token #1383

Open
jyundt opened this issue Dec 29, 2024 · 0 comments
Open

JSON credentials differ when re-downloading existing tunnel credentials via cloudflared tunnel token #1383

jyundt opened this issue Dec 29, 2024 · 0 comments
Labels
Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working

Comments

@jyundt
Copy link

jyundt commented Dec 29, 2024

Describe the bug
The JSON objects returned between these two commands do not seem to match:

# cloudflared tunnel token $TUNNEL_ID | base64 -d > foo.json

vs

# cloudflared tunnel token --cred-file foo.json $TUNNEL_ID

I first noticed this because credentials that I re-fetched from an existing tunnel were failing to start the existing tunnel.

Specifically, the keys appear to be different:

jyundt@athena:~/.cloudflared$ cloudflared tunnel token  4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba | base64 -d
{"a":"05a2023b115696FOO","s":"BAR","t":"4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba"}jyundt@athena:~/.cloudflared$ 

jyundt@athena:~/.cloudflared$ cloudflared tunnel token --cred-file 4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba.json 4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba
jyundt@athena:~/.cloudflared$ cat 4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba.json 
{"AccountTag":"05a2023b115696FOO","TunnelSecret":"BAR","TunnelID":"4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba"}jyundt@athena:~/.cloudflared$
Without --cred-file With --cred-file
a AccountTag
s TunnelSecret
t TunnelID

To Reproduce
Steps to reproduce the behavior:
1.Create tunnel FOO on Machine A
2.Re-fetch token for tunnel FOO on Machine B using cloudflared tunnel token $TUNNEL_ID | base64 -d > foo.json
3. Attempt to to start tunnel FOO, observe errors (specifically: ERR Failed to serve tunnel connection error="context canceled" connIndex=0 event=0 ip=198.41.200.53)

If it's an issue with Cloudflare Tunnel:
4. Tunnel ID :
5. cloudflared config:

Expected behavior
cloudflared tunnel token $TUNNEL_ID should return the same JSON (but presumably base64 encoded?) compared to cloudflared tunnel token --cred-file foo.json $TUNNEL_ID

Environment and versions

  • OS: Ubuntu 22.04
  • Architecture: amd64
  • Version: 2024.12.2

Logs and errors
This is the original cloudflared tunnel run error I was getting with the incorrect JSON credential:

jyundt@athena:~/.cloudflared$ cloudflared tunnel --loglevel debug run
2024-12-29T22:26:57Z DBG Loading configuration from /home/jyundt/.cloudflared/config.yml
2024-12-29T22:26:57Z INF Starting tunnel tunnelID=4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba
2024-12-29T22:26:57Z INF Version 2024.12.2 (Checksum 5237675a5e806120729acc78c5be02f9db5f406717699587abfa72b49b39fe40)
2024-12-29T22:26:57Z INF GOOS: linux, GOVersion: go1.22.5, GoArch: amd64
2024-12-29T22:26:57Z INF Settings: map[cred-file:/home/jyundt/.cloudflared/4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba.json credentials-file:/home/jyundt/.cloudflared/4ca1797d-1f38-4eb8-8ce6-9cf5ea61a9ba.json loglevel:debug url:http://localhost:8000]
2024-12-29T22:26:57Z INF Generated Connector ID: 77c09e51-ccda-4266-8b52-9e4fdc1263d9
2024-12-29T22:26:57Z INF cloudflared will not automatically update if installed by a package manager.
2024-12-29T22:26:57Z DBG Fetched protocol: quic
2024-12-29T22:26:57Z INF Initial protocol quic
2024-12-29T22:26:57Z INF ICMP proxy will use 192.168.67.160 as source for IPv4
2024-12-29T22:26:57Z INF ICMP proxy will use fe80::31f3:e0f1:c9fc:592f in zone wlp170s0 as source for IPv6
2024-12-29T22:26:57Z DBG failed to create ICMPv6 proxy, only ICMPv4 proxy is created error="bind: invalid argument"
2024-12-29T22:26:57Z DBG edge discovery: looking up edge SRV record domain=_v2-origintunneld._tcp.argotunnel.com event=0
2024-12-29T22:26:57Z DBG edge discovery: resolved edge addresses addresses=["198.41.192.47","198.41.192.57","198.41.192.7","198.41.192.37","198.41.192.67","198.41.192.27","198.41.192.77","198.41.192.167","198.41.192.107","198.41.192.227","2606:4700:a0::9","2606:4700:a0::2","2606:4700:a0::1","2606:4700:a0::10","2606:4700:a0::4","2606:4700:a0::3","2606:4700:a0::6","2606:4700:a0::8","2606:4700:a0::7","2606:4700:a0::5"] event=0
2024-12-29T22:26:57Z DBG edge discovery: resolved edge addresses addresses=["198.41.200.193","198.41.200.233","198.41.200.73","198.41.200.63","198.41.200.53","198.41.200.33","198.41.200.13","198.41.200.113","198.41.200.23","198.41.200.43","2606:4700:a8::4","2606:4700:a8::2","2606:4700:a8::8","2606:4700:a8::5","2606:4700:a8::9","2606:4700:a8::7","2606:4700:a8::10","2606:4700:a8::1","2606:4700:a8::6","2606:4700:a8::3"] event=0
2024-12-29T22:26:57Z DBG edge discovery: looking up edge SRV record domain=_v2-origintunneld._tcp.argotunnel.com event=0
2024-12-29T22:26:57Z INF ICMP proxy will use 192.168.67.160 as source for IPv4
2024-12-29T22:26:57Z INF ICMP proxy will use fe80::31f3:e0f1:c9fc:592f in zone wlp170s0 as source for IPv6
2024-12-29T22:26:57Z INF Starting metrics server on 127.0.0.1:20241/metrics
2024-12-29T22:26:57Z DBG edge discovery: resolved edge addresses addresses=["198.41.192.47","198.41.192.107","198.41.192.57","198.41.192.227","198.41.192.77","198.41.192.27","198.41.192.67","198.41.192.167","198.41.192.7","198.41.192.37","2606:4700:a0::4","2606:4700:a0::1","2606:4700:a0::10","2606:4700:a0::8","2606:4700:a0::9","2606:4700:a0::5","2606:4700:a0::2","2606:4700:a0::3","2606:4700:a0::7","2606:4700:a0::6"] event=0
2024-12-29T22:26:57Z DBG edge discovery: resolved edge addresses addresses=["198.41.200.113","198.41.200.193","198.41.200.23","198.41.200.33","198.41.200.13","198.41.200.63","198.41.200.43","198.41.200.233","198.41.200.53","198.41.200.73","2606:4700:a8::6","2606:4700:a8::2","2606:4700:a8::3","2606:4700:a8::5","2606:4700:a8::8","2606:4700:a8::9","2606:4700:a8::10","2606:4700:a8::7","2606:4700:a8::1","2606:4700:a8::4"] event=0
2024-12-29T22:26:57Z DBG edge discovery: giving new address to connection connIndex=0 event=0 ip=198.41.200.23
2024/12/29 17:26:57 failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.
2024-12-29T22:26:57Z DBG Received transport parameters: MaxUDPPayloadSize=1396, MaxIdleTimeout=5s, MaxDatagramFrameSize=16383 connIndex=0 event=0 ip=198.41.200.23
2024-12-29T22:26:57Z ERR Failed to serve tunnel connection error="context canceled" connIndex=0 event=0 ip=198.41.200.23
2024-12-29T22:26:57Z DBG Serve tunnel error error="context canceled" connIndex=0 event=0 ip=198.41.200.23
2024-12-29T22:26:57Z INF Retrying connection in up to 2s connIndex=0 event=0 ip=198.41.200.23
2024-12-29T22:26:58Z INF Tunnel server stopped
2024-12-29T22:26:58Z ERR Initiating shutdown error="context canceled"
2024-12-29T22:26:58Z ERR icmp router terminated error="context canceled"
2024-12-29T22:26:58Z INF Metrics server stopped
context canceled
jyundt@athena:~/.cloudflared$

Additional context
Add any other context about the problem here.
@jyundt jyundt added Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working labels Dec 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: Normal Minor issue impacting one or more users Type: Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jyundt