Troubleshooting and common errors for tunnels

Troubleshooting 

💡Note

Container connectivity 

Check that your container is active. For example, if you're using Docker, you can use the following command to check the status and how long it's been up:

docker ps

Container logs 

You can also tail the logs to check for any errors. Here's another Docker example:

docker logs <container name or container id> --tail all

If there isn't enough detail, you can specify the log level you need using the environment variable TUNNEL_LOGLEVEL when starting a container. We recommend turning off the debug logs, since the debug logs can container sensitive information. The levels correlate to Cloudflare tunnel log levels.

docker run \
  --env TINES_TUNNEL_SECRET="secret" \
  --env TUNNEL_LOGLEVEL=debug \
  tines/tines-tunnel:latest

Tunnel connectivity 

Check that your tunnel is healthy using the admin page that lists tunnel health statuses.

Action configuration 

Check that your action is configured with the correct URL to your private network system by using curl from within your container.

If you can see an error in the action log, check the common errors below to help diagnose the issue.

Common Errors 

Commonly encountered errors when using a tunnel in your HTTP Request or Send Email Action and how to troubleshoot.

TUNNEL_CONNECTION_ERROR 

We were unable to establish a tunnelled connection for tunnelName

This may be an issue with either the endpoint being called from the action request or the tunnel being down.

Please check the following:

  1. Your tines-tunnel container is active.

  2. The tunnel is properly configured and healthy.

  3. The action request endpoint used is a valid hostname and url.

You can see the health status of your tines tunnel by visiting /admin/tunnel and viewing the tunnel status.

TUNNEL_CONNECTION_ERROR: Exception encountered is: Connection reset by peer - SSL_connect 

We were unable to establish a tunnelled connection to the tunnel container or the remote origin behind the tunnel container. This error likely indicates that the TCP/TLS handshake between Tines and the remote origin failed. To remediate the issue please check the following:

  1. Your tines-tunnel container is active.

  2. The tunnel is properly configured and healthy.

  3. You are able to send a curl or similar to the remote origin from within the tunnel container.

  4. The action request endpoint used is a valid hostname and url.

You can see the health status of your tines tunnel by visiting /admin/tunnel and viewing the tunnel status. If the issue persists, please reach out to our support team.

TUNNEL_OPEN_TIMEOUT_ERROR 

We encountered a timeout while opening the tunnel connection for tunnelName.

This may be an issue with either the endpoint being called from the action request or the tunnel being down.

Please check the following:

  1. Your tines-tunnel container is active.

  2. The tunnel is properly configured and healthy.

  3. The action request endpoint is a valid hostname and url.

You can see the health status of your tines tunnel by visiting /admin/tunnel and viewing the tunnel status.

If the tunnel is configured correctly, the server may not be responding promptly.

To troubleshoot further:

  1. Copy your Tines Action as a curl command and run it in your container (on your server).

  2. If it works, it's likely a timeout issue. Increase the timeout on your HTTP Request Action to at least 60 seconds.

SSL_ERROR 

An SSL connection error was returned for the request.

SSL certificate verification failed. This may be caused by an outdated SSL certificate, incorrect URL, network issues, or misconfigurations.

To resolve, check the following:

  1. Renew or Update SSL Certificate: Ensure it's current.

  2. Check URL and Parameters of action request are correct.

  3. Network Configuration: Inspect for issues.

  4. Disable SSL verification temporarily: Consider setting disable_ssl_verification to true, in the action options.

TINES_TUNNEL_SECRET environment variable has an invalid value. 

This might happen if you're using Docker secrets to store variables. Check that you're setting a secret-env at /run/secrets/secret-env.

unknown protocol 

If the tunnel is failing to connect to Cloudflare servers, you can try switching to a different protocol using the  https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-run-parameters/#protocol. For some customers, quic does not work but http2 does.

Was this helpful?