Skip to content
Alchemy
GitHubXDiscordRSS

TunnelRoute

Route private network traffic through Cloudflare Tunnels for Zero Trust network access.

A Cloudflare Tunnel Route routes private network traffic (CIDR ranges) through a Cloudflare Tunnel, enabling Zero Trust network access to private networks.

Minimal Example

Section titled “Minimal Example”

Create a basic tunnel route for a private network:

import { Tunnel, TunnelRoute } from "alchemy/cloudflare";


const tunnel = await Tunnel("my-tunnel", {
  name: "my-tunnel",
});


const route = await TunnelRoute("private-network", {
  network: "172.16.0.0/16",
  tunnel: tunnel,
});

With Comment

Section titled “With Comment”

Add a descriptive comment to the route:

const route = await TunnelRoute("vpc-route", {
  network: "10.0.0.0/8",
  tunnel: tunnel,
  comment: "Main VPC network route",
});

Using Tunnel ID String

Section titled “Using Tunnel ID String”

You can also pass the tunnel ID as a string instead of a Tunnel resource:

const route = await TunnelRoute("route-by-id", {
  network: "192.168.1.0/24",
  tunnel: "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415", // Tunnel UUID
  comment: "Route using tunnel ID",
});

With Virtual Network

Section titled “With Virtual Network”

Specify a virtual network ID for the route:

const route = await TunnelRoute("vpc-route", {
  network: "10.0.0.0/8",
  tunnel: tunnel,
  virtualNetworkId: "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
  comment: "Route in custom virtual network",
});

Adopt Existing Route

Section titled “Adopt Existing Route”

Adopt an existing route if it already exists:

const route = await TunnelRoute("existing-route", {
  network: "192.168.1.0/24",
  tunnel: tunnel,
  adopt: true,
  comment: "Updated comment for adopted route",
});

Keep Route on Deletion

Section titled “Keep Route on Deletion”

Prevent the route from being deleted when removed from Alchemy:

const route = await TunnelRoute("persistent-route", {
  network: "10.1.0.0/16",
  tunnel: tunnel,
  delete: false, // Route will remain even if removed from Alchemy
});

Update Route Comment

Section titled “Update Route Comment”

Update the comment on an existing route:

// Create initial route
let route = await TunnelRoute("my-route", {
  network: "172.16.0.0/16",
  tunnel: tunnel,
  comment: "Initial comment",
});


// Update the comment
route = await TunnelRoute("my-route", {
  network: "172.16.0.0/16",
  tunnel: tunnel,
  comment: "Updated comment",
});

API Token Requirements

Section titled “API Token Requirements”

TunnelRoute requires a Cloudflare API token with the following permissions:

  • Cloudflare One Networks Write - Required for creating, updating, and deleting routes
  • Cloudflare Tunnel Write - Required for managing tunnel routes

You can create an API token at https://dash.cloudflare.com/profile/api-tokens.

OAuth tokens from wrangler login do not support TunnelRoute operations. You must use an API token.

See Also

Section titled “See Also”