Configuring secure alternative to traditional VPNs

Learn about the prerequisites, installation, authentication, configuration, and running of Cloudflared as a Windows service for a secure Zero Trust solution connecting your local services to the internet

NetCrunch offers the NetCrunch Connection Cloud, which allows secure, zero-configuration connectivity from anywhere to the NetCrunch Server using either the NetCrunch web console or the desktop console. It can be also used for connecting monitoring probes installed in remote sites. NetCrunch Connection Cloud leverages CDN technology to ensure the best experience when working with NetCrunch, regardless of the server's or user's location.

However, if you prefer using another secure Zero Trust solution, you can opt for Cloudflare Tunnel. This guide will walk you through setting up a Cloudflare Tunnel to provide secure remote access to the NetCrunch console.

Prerequisites

Before you begin, ensure you have the following:

• A Cloudflare account
• Admin rights on your Windows system
• Internet access

Step 1: Download and Install Cloudflared

1. Visit the Cloudflare Downloads page.
2. Download the cloudflared executable for Windows.
3. Extract the downloaded ZIP file.
4. Move the cloudflared.exe file to a directory, for example, C:\Cloudflared\bin.

Step 2: Authenticate Cloudflared

1. Open a Command Prompt as an administrator.
2. Navigate to the directory where cloudflared.exe is located.
3. Authenticate cloudflared with your Cloudflare account by running cloudflared tunnel login. This command will open a browser window and prompt you to log in to your Cloudflare account and select a domain.

Step 3: Create and Configure a Tunnel

1. Create a new tunnel by running cloudflared tunnel create <TUNNEL_NAME>. Replace <TUNNEL_NAME> with your desired tunnel name.
2. Configure the tunnel to route traffic by running cloudflared tunnel route dns <TUNNEL_NAME> <SUBDOMAIN.YOURDOMAIN.COM>. Replace <SUBDOMAIN.YOURDOMAIN.COM> with the subdomain you want to route traffic through.
3. Create a configuration file (config.yml) in the C:\Cloudflared\bin directory. Example: yaml tunnel: your_tunnel_id credentials-file: C:\Users\your_username\.cloudflared\your_tunnel_id.json ingress: -hostname: subdomain.yourdomain.com -service: http://localhost:8080 -service: http_status:404

Step 4: Run the Tunnel

To run the tunnel, execute the following command in the Command Prompt: cloudflared tunnel run <TUNNEL_NAME>.

Step 5: Check Tunnel Status

To verify that the tunnel is running correctly, use cloudflared tunnel info <TUNNEL_NAME>. This will display the status and details of the tunnel.

Running Cloudflared as a Windows Service

To ensure cloudflared runs continuously and restarts automatically, you can set it up as a Windows service.

Step 1: Create a Startup Script

Create a script named start_cloudflared.bat with the following content:

@echo off
cd /d C:\Cloudflared\bin
cloudflared.exe tunnel run <TUNNEL_NAME>

Replace <TUNNEL_NAME> with your tunnel name.

Step 2: Register the Service

Open a Command Prompt as an administrator and run sc create CloudflaredTunnel binPath= "C:\Cloudflared\bin\start_cloudflared.bat" start= auto. This command registers the start_cloudflared.bat script as a service named CloudflaredTunnel.

Step 3: Start the Service

Start the newly created service with sc start CloudflaredTunnel.

Managing the Service

You can manage the service using the Services management console (services.msc), where you can start, stop, and configure the service properties as needed.

Additional Information for NetCrunch Users

NetCrunch's web console is available by default on port 80. If the user has a qualified certificate, they can make the web console available on port 443. The desktop console is available on port 12009. Both the web console and desktop console ports can be changed if needed.

How to Enable NetCrunch Connection Cloud

To enable NetCrunch Connection Cloud for secure, zero-configuration access, follow these steps:

1. Open the NetCrunch Console.
2. Navigate to the "Settings" menu and enable "Connection Cloud".

By using NetCrunch Connection Cloud, you can securely connect to your NetCrunch server from anywhere without needing to manually configure ports or security settings. This service uses a CDN to optimize performance and ensure a seamless experience regardless of your or your server's location.

Conclusion

By following these steps, you’ve set up and configured a Cloudflare Tunnel. Running cloudflared as a service ensures your tunnel remains active and automatically restarts if your system reboots. This setup provides a secure and reliable connection to Cloudflare’s global network, enhancing the security and performance of your local services.