Setting Up Health Notifications for Your Cloudflare Tunnel
On my current internet connection at home, I do not have direct access to an external IPv4 IP address from my router (only IPv6 is available). Because of this, I am unable to set up my VPN server using WireGuard directly. Therefore, I need to support myself with Cloudflare Zero Trust technology.
Following my guide on how to add a Cloudflare Tunnel to an OpenWrt Router, as a WireGuard VPN alternative, I managed to regain access to my network from outside my home.
There is, however, one issue with this solution.
Using the dedicated Cloudflare One app (or the reconfigured 1.1.1.1 app to use the tunnel), after logging in using my credentials, I can quickly connect to my network.
The only problem is that when you are connected using your app, you cannot be sure if your tunnel is working and you have access to your network without checking.
When you toggle the button in the app, you receive information that you are connected. This only means that your device is connected to the Cloudflare infrastructure.
If your tunnel goes down, your router goes down, or your internet connection at home fails, you will not notice the difference, and you will still see the connected information. Your internet connection remains secured through Cloudflare Zero Trust; however, you do not have access to your local network when your tunnel is down.
The only way to check if everything is working is to load your router homepage (such as 192.168.1.1 for the default IP of an OpenWrt router) in a browser, ping it, or try to access other resources available on your local network.
Another way is to log in to your Zero Trust homepage, navigate to Networks > Tunnels, and check if your tunnel displays status as healthy.
This is a somewhat time-consuming process either way and can be frustrating in situations when you need to quickly gain access, but you cannot.
I experienced this situation recently when the CityFibre box, which sits between the fibre cable leading to my home and the ethernet cable leading to my router, stopped working.
Despite all the lights on this box being green, the router couldn’t access the network.
A power cycle of the CityFibre box solved the problem, but while being outside, despite seeing the connected message, I didn’t realise my tunnel was down.
I thought it would be helpful to know when my tunnel goes down, preferably by email.
In the past, I have been using (and still use) services like UptimeRobot to ping my router’s external IPv4 to know when the internet connection is down.
I have set up a similar approach by pinging my router’s IPv6 address, which seems to be static, but that only provides information when my internet is down.
The cloudflared app runs on my OpenWrt router and sometimes can crash or disconnect, especially when the app performs a self-update from time to time.
It would be nice to know, specifically for Cloudflare Tunnel, when it goes down, when it is degraded for some reason, or when it is back online and active.
Fortunately, there is a solution for that.
Heading to the Cloudflare dashboard, there is a section called Notifications.
Inside, we can Add a notification for a specific product used in the Cloudflare infrastructure.
From the Product dropdown box, select Tunnel to show only the options relevant to what we need.
Currently, the following alert types are available:
- Tunnel Creation or Deletion Event
- Receive an alert when a new tunnel is created or an existing tunnel is deleted.
- Tunnel Health Alert
- Receive an alert regarding the health of a tunnel.
What we need is Tunnel Health Alert.
Let’s Select it and put a friendly and readable Notification name, like Cloudflare Tunnel
.
In Add tunnel(s), tick the box next to your created tunnel.
I also checked Include future tunnels, so the notification will be set once, and we won’t need to amend it whenever we decide to make changes in the tunnels section in the future.
The default option for alerts is set to notify when the tunnel becomes either healthy, degraded, or down. Adjust it according to your preference.
Follow it by setting the Notification email and save by pressing the Save button.
In such a way, your notifications are ready. To see how we will be notified in the future, let’s press the Test button and check our inbox.
In no time, we shall get an email titled [Alert] Tunnel tunnel-name is now degraded (status change). This is how we will be notified when the tunnel is detected to be down, degraded, or back as healthy.
A simple yet useful notification becomes handy and gives you an overview of when you have access to your local resources and when not, despite the app showing a connected status.
Comments & Reactions