Tunnels Guide
v3.8.1Last updated: 2026-05-13
Was this page helpful?
Loading OmniRoute...
Source of truth: ,
Last updated: 2026-05-13 — v3.8.0
) to the public internet via three tunnel backends. This is useful for:
| Cloudflare Quick Tunnel | |||
| ngrok | |||
| Tailscale Funnel |
,
, and . All three return a
common-shaped object with , , , ,
, and fields, so the dashboard can render them uniformly.
runs as a child process and parses the assigned
URL from stdout.
binary from the official GitHub releases (managed install lives under
). SHA256 of the downloaded asset is verified against the
release manifest before execution.
- Quick-tunnel only. The current implementation runs only the
-style quick tunnel. Named/persistent tunnels ( + ) are not orchestrated by
OmniRoute. URLs are ephemeral and will change every restart.
- Process supervision. The cloudflared PID and resolved URL are persisted to
so the dashboard can resume status across reloads.
body, not separate
/ paths. Management auth (admin session or admin API key) is
required.
# Enable
curl -X POST http://localhost:20128/api/tunnels/cloudflared \
-H "Content-Type: application/json" \
-H "Cookie: auth_token=..." \
-d '{"action":"enable"}'
# Status
curl http://localhost:20128/api/tunnels/cloudflared \
-H "Cookie: auth_token=..."
# Disable
curl -X POST http://localhost:20128/api/tunnels/cloudflared \
-H "Content-Type: application/json" \
-H "Cookie: auth_token=..." \
-d '{"action":"disable"}'
Settings → Tunnels → Cloudflare.
/ |
). |
uses the SDK (in-process, no CLI
subprocess). The native module is imported lazily on first start so platforms
without prebuilt binaries do not break the app at boot.
, or.
# Enable (uses NGROK_AUTHTOKEN from env)
curl -X POST http://localhost:20128/api/tunnels/ngrok \
-H "Content-Type: application/json" \
-H "Cookie: auth_token=..." \
-d '{"action":"enable"}'
# Enable with inline token
curl -X POST http://localhost:20128/api/tunnels/ngrok \
-H "Content-Type: application/json" \
-H "Cookie: auth_token=..." \
-d '{"action":"enable","authToken":"2abc..."}'
# Status
curl http://localhost:20128/api/tunnels/ngrok \
-H "Cookie: auth_token=..."
# Disable
curl -X POST http://localhost:20128/api/tunnels/ngrok \
-H "Content-Type: application/json" \
-H "Cookie: auth_token=..." \
-d '{"action":"disable"}'
(e.g.
). Custom domains, regions, and policy rules
must be configured in the ngrok dashboard — OmniRoute itself only forwards the
local target URL to the SDK.
orchestrates the system CLI to expose
the local API port via Funnel (Tailscale's public-internet egress for serve).
It supports the full lifecycle: install, login, daemon start, enable, disable.
(background mode). The
public URL has the shape .
endpoint).) requires to control. The
POST endpoints accept an optional field which is forwarded to
OmniRoute's MITM password cache ( / ) for
the duration of the call. Windows uses the default service install at
.
, , |
||
| on Linux/macOS | ||
| to open in a browser | ||
).
curl -X POST http://localhost:20128/api/tunnels/tailscale/enable \
-H "Content-Type: application/json" \
-H "Cookie: auth_token=..." \
-d '{"sudoPassword":"<linux-pwd>","port":20128}'
plus an to open in a browser.
| binary path |
| (SSE) | |||
endpoint — each backend is independent.
public hostname, not . Otherwise
the OAuth provider redirects the user back to a URL its servers cannot reach,
and the handshake fails.
NEXT_PUBLIC_BASE_URL=https://<your-tunnel-host>
Settings → Tunnels:
, , ,
, ).
- ).
-
-
endpoints. Running more than one backend simultaneously is allowed; OmniRoute will track each independently.
manually from
https://github.com/cloudflare/cloudflared/releases and set
.
means no authtoken was found. Set in
, configure it via the dashboard, or pass in the enable POST
body.
, Funnel is disabled
for your tailnet. Open the returned (or the admin console feature
page) and toggle Funnel on.
needs root. Provide to the relevant POST endpoint,
or run the daemon yourself ().
..