Describe the bug
The cloudflared metrics endpoint (/metrics) reports cloudflared_tunnel_ha_connections 1 even though no QUIC connections to the Cloudflare edge have been successfully established. All connection attempts are failing with timeout: no recent network activity, yet the cloudflared_tunnel_ha_connections gauge incorrectly shows 1 active HA connection instead of 0.
To Reproduce
Steps to reproduce the behavior:
- Configure a Cloudflare Tunnel using a tunnel token (remotely managed) with metrics enabled on
0.0.0.0:7013
- Start
cloudflared in an environment where QUIC connections to the Cloudflare edge time out (e.g., firewall blocking UDP to Cloudflare edge IPs)
- Observe repeated
ERR Failed to dial a quic connection errors in the logs — no connection is ever successfully established
- Query the metrics endpoint at
http://<host>:7013/metrics
- Observe that
cloudflared_tunnel_ha_connections reports 1 despite zero successful connections
Expected behavior
When all QUIC connection attempts to the Cloudflare edge fail and no tunnel connections are active, the metric cloudflared_tunnel_ha_connections should report 0, not 1. The gauge should only increment once a connection is successfully established, and should accurately reflect the number of active HA connections at any given time.
Environment and versions
| Field |
Value |
| OS |
Docker container deployment on Debian 12 |
| Architecture |
AMD64 |
| Version |
2026.3.0 |
| Protocol |
QUIC |
Additional context
This machine would have had access to port cloudflare services on 80:443, but not the additional ports used, e..g 7844
Describe the bug
The
cloudflaredmetrics endpoint (/metrics) reportscloudflared_tunnel_ha_connections 1even though no QUIC connections to the Cloudflare edge have been successfully established. All connection attempts are failing withtimeout: no recent network activity, yet thecloudflared_tunnel_ha_connectionsgauge incorrectly shows 1 active HA connection instead of 0.To Reproduce
Steps to reproduce the behavior:
0.0.0.0:7013cloudflaredin an environment where QUIC connections to the Cloudflare edge time out (e.g., firewall blocking UDP to Cloudflare edge IPs)ERR Failed to dial a quic connectionerrors in the logs — no connection is ever successfully establishedhttp://<host>:7013/metricscloudflared_tunnel_ha_connectionsreports1despite zero successful connectionsExpected behavior
When all QUIC connection attempts to the Cloudflare edge fail and no tunnel connections are active, the metric
cloudflared_tunnel_ha_connectionsshould report0, not1. The gauge should only increment once a connection is successfully established, and should accurately reflect the number of active HA connections at any given time.Environment and versions
Additional context
This machine would have had access to port cloudflare services on 80:443, but not the additional ports used, e..g 7844