Cloudflare Tunnel MCP. Manage secure network routes from plain conversation.
Works with every AI agent you already use and any MCP-compatible client.
Just plug in your AI agents and start using Vinkius.
Cloudflare Tunnel. Manage all your Zero Trust connections directly from your AI agent. List, create, and update tunnels and network routes to your private infrastructure.
Control ingress rules and manage connection lifecycle without touching the CLI or cloud console.
What your AI agents can do
The agent retrieves a list of all your Cloudflare Tunnels, letting you filter by status like 'healthy' or 'down'.
The agent modifies ingress rules and origin settings for a specific tunnel without needing the Cloudflare CLI.
The agent provisions a brand new Cloudflare Tunnel or removes an existing one from your network.
The agent handles private network routes (CIDR) and IP-based routing, connecting your internal resources.
The agent inspects and removes stale or unnecessary connection sessions to keep your network connections clean.
Cloudflare Tunnel MCP Server: 17 Tools for Network Management
These 17 tools let you query, fetch, and update every aspect of your Cloudflare Tunnel setup, from connections to core network routes.
- `cleanup_connections`: Removes Cloudflare Tunnel connections. If no client ID is given, it cleans up all connectors.
- `create_route`: Creates a new tunnel route to connect specific resources.
- `create_tunnel`: Provisions and sets up a brand new Cloudflare Tunnel in your account.
- `delete_route`: Deletes an existing tunnel route.
- `delete_tunnel`: Removes an entire Cloudflare Tunnel from your account.
- `get_configuration`: Retrieves the current configuration settings for a remote-managed tunnel.
- `get_connector`: Fetches the detailed status and information about a specific Cloudflare Tunnel connector.
- `get_management_token`: Generates a Cloudflare Tunnel management token you need for operations.
- `get_route_by_ip`: Looks up a specific tunnel route using an IP address.
- `get_tunnel`: Gets all detailed information for a single specified Cloudflare Tunnel.
- `get_tunnel_token`: Retrieves a fresh token needed to run the Cloudflare Tunnel connector.
- `list_connections`: Lists all active Cloudflare Tunnel connections currently running.
- `list_routes`: Displays all the tunnel routes currently configured in your account.
- `list_tunnels`: Lists and filters all Cloudflare Tunnels in your account by status.
- `put_configuration`: Adds or overwrites the entire configuration for a remotely-managed tunnel.
- `update_route`: Modifies an existing tunnel route's parameters.
- `update_tunnel`: Changes settings on an existing Cloudflare Tunnel.
Choose How to Get Started
Build a custom MCP for your own tools, or connect a ready-made integration from our catalog.
Build Your Own
Turn any API into an MCP. Import a spec, define Agent Skills, or deploy with MCPFusion.
- Import from OpenAPI, Swagger, or YAML specs
- Create Agent Skills with progressive disclosure
- Deploy to edge with MCPFusion framework
- Built in DLP, auth, and compliance on every call
- Real time usage dashboard and cost metering
- Publish to catalog or keep private
Make Your AI Do More
Start with Cloudflare Tunnel, then connect any of our 4,700+ other servers whenever your AI needs more. One click, no limits.
- Use this MCP plus 4,700+ others, all in one place
- Add new capabilities to your AI anytime you want
- Every connection is secured and compliant automatically
- Track usage and costs across all your servers
- Works with Claude, ChatGPT, Cursor, and more
- New servers added to the catalog every week
What you can do with this MCP connector
Cloudflare Tunnel MCP Server - Manage Tunnels & Routes
Your AI agent takes over your Zero Trust connections and private network routing. You'll list, create, and update tunnels and network routes for your private infrastructure. You control ingress rules and manage the connection lifecycle without ever touching the CLI or the cloud console.
Cloudflare Tunnel MCP Server - Manage Tunnels & Routes gives your agent the power to handle the full lifecycle of your tunnels and network routes. It's built to work with your AI client, letting you manage things conversationally.
Getting Started
First, you'll need to generate a management token using get_management_token. Then, you'll use get_tunnel_token to grab a fresh token needed for the connector. You'll feed these credentials to your AI client to start using the tools.
Managing Tunnels and Connections
- Discovery: You can list all active Cloudflare Tunnel connections using `list_connections`, or see every tunnel route configured with `list_routes`. To check on the tunnels themselves, `list_tunnels` shows you all of them, letting you filter by status. You can also get detailed info on a single tunnel with `get_tunnel` or fetch the status of a specific connector using `get_connector`. You'll also get the current configuration settings for a remote-managed tunnel with `get_configuration`.
- Actions: Need a new tunnel? `create_tunnel` provisions and sets up a brand new Cloudflare Tunnel in your account. If you need to remove one, `delete_tunnel` takes it out. You can also update an existing tunnel's settings using `update_tunnel`, or modify its connection parameters with `update_route` and `create_route` to connect specific resources. `delete_route` handles the removal of existing routes.
- Inspecting Routes: You can look up a specific tunnel route using an IP address with `get_route_by_ip`, or view all configured routes using `list_routes`.
- Cleanup: If you find stale or unnecessary connections, `cleanup_connections` removes them; if you don't give it a client ID, it cleans up all connectors.
Fine-Tuning Configuration
- Updates: You can add or overwrite the entire configuration for a remotely-managed tunnel using `put_configuration`. This lets you modify ingress rules and origin settings without leaving your IDE. You can also modify the configuration for a specific tunnel's connection using `get_tunnel_token` and `get_connector`.
- Specific Details: To get all detailed information for one tunnel, use `get_tunnel`. If you just want to check the connection's status, `get_connector` fetches that info. If you need to update the tunnel's connection parameters, you'll use `update_tunnel` and `update_route` together.
Deep Dive into Tunnel Management
Your agent handles private network routes (CIDR) and IP-based routing, connecting your internal resources. You can manage these private routes using create_route to establish a new connection, or delete them with delete_route. You'll always know where your traffic is going because get_route_by_ip lets you look up a route by its IP address.
The whole process gives you total control over your cloud networking stack, straight from your chat window.
How Cloudflare Tunnel MCP Works
1. Subscribe to the server and provide your Cloudflare API Token with Tunnel permissions.
2. Tell your AI client what you want to change (e.g., 'Update the ingress rules for the staging tunnel').
3. The agent calls the appropriate tool, executes the change, and reports the new status.
The bottom line is you manage complex, secure networking changes using plain conversation instead of multiple API calls.
Who Is Cloudflare Tunnel MCP For?
Network Engineers and DevOps professionals who hate context switching. If you spend your day jumping between the CLI, a dashboard, and a ticket system just to check if a single service is up, this is for you. It lets you manage critical, complex infrastructure from right where you're already working.
Checks tunnel health and updates ingress rules during deployments. They use the agent to validate network state without leaving their IDE.
Audits active tunnels and network routes to ensure they comply with Zero Trust policies. They run checks to confirm nothing is open unnecessarily.
Automates the cleanup of stale connections and monitors remote connectors across multiple accounts, keeping the network clean.
What Changes When You Connect
- Check tunnel health instantly. Use `list_tunnels` to see the status of every tunnel (healthy, degraded, or down) without navigating dashboards. You get an immediate, filtered overview of your entire network.
- Configure tunnels on the fly. Instead of manually updating ingress rules in a web UI, use `get_configuration` and `put_configuration` to modify tunnel settings directly via conversation. This saves time during hotfixes.
- Maintain a clean network. Run `cleanup_connections` to find and remove stale connectors. This prevents unnecessary resource usage and ensures your active connections are legitimate.
- Control network paths. Need to change where traffic goes? Use `create_route` or `update_route` to define new private network paths (CIDR) and secure internal resource access.
- Simplify complex deployments. Use `create_tunnel` and `get_tunnel_token` together to provision a new endpoint and immediately get the necessary token to run the connector. It's a two-step process handled in one chat.
- Audit security posture. Use `list_connections` and `get_connector` to inspect every active connection and understand exactly what is currently exposed to the internet.
Real-World Use Cases
The Production Hotfix
A DevOps engineer notices the staging environment is failing. Instead of logging into the CLI and running half a dozen commands, they ask their agent: 'Update the ingress rules for the staging tunnel to point to the new API endpoint.' The agent runs put_configuration, updates the rules, and confirms the change. The fix takes seconds, not minutes.
Auditing Zero Trust Compliance
A Security Analyst needs to prove that only specific internal IPs can access the main database tunnel. They use the agent to run list_routes and get_route_by_ip. The agent returns a comprehensive list, allowing the analyst to verify the network pathing against compliance policy instantly.
Deprovisioning an Old Service
A System Admin is decommissioning a legacy service. Instead of manually deleting it across three different panels, they ask the agent to run delete_tunnel and delete_route for the old service name. The agent confirms both the tunnel and its associated routes are gone.
Scaling Out an Internal API
A team needs to expose a new internal microservice. They first ask the agent to create_tunnel for the service, then use get_tunnel_token to get the connector token, and finally run create_route to direct traffic to the new endpoint. The whole sequence is automated.
The Tradeoffs
Calling tools in random order
Running get_tunnel to get details, then list_routes to see the paths, and then trying to update_route without knowing the specific route ID. You'll get errors because the context is lost.
→
Always start by using list_tunnels or list_routes to get the identifiers you need. Then, use get_tunnel or get_route_by_ip to verify the target object. Only then should you attempt an update with update_tunnel or update_route.
Treating the server as a simple API endpoint
Just sending a big block of JSON to update everything at once. The server needs to know what you want to change, not just that you want to change it.
→
Use the dedicated configuration tools. If you want to update the whole thing, use put_configuration. If you only want to change the path, use update_route. The tools force precision.
Forgetting to check connectivity
Running create_tunnel and assuming it works. You might deploy it, only to find out later the connector isn't running or the route is wrong.
→
After creation, immediately run get_tunnel or get_connector to confirm the tunnel details. If you need the token, use get_tunnel_token before declaring the service live.
When It Fits, When It Doesn't
Use this MCP server if your core task is managing network connectivity (tunnels, routes, connections) for private infrastructure. You need to check status, update rules, or provision resources without leaving your current workflow. Don't use it if you are just trying to list IPs or manage simple DNS records; those are better handled by specialized DNS management tools. If you need to build a full network architecture from scratch, you'll need a dedicated Infrastructure-as-Code (IaC) tool, but this server is best for operational management and quick state adjustments.
Independent Platform Disclaimer: Vinkius is an independent platform and is not affiliated with, endorsed by, sponsored by, verified by, or otherwise authorized by Cloudflare Tunnel. All third-party trademarks, logos, and brand names are the property of their respective owners. Their use on this website is strictly for informational purposes to identify service compatibility and interoperability.
VINKIUS INFRASTRUCTURE
- Cloud Hosted: Managed infra
- V8 Isolated: Sandboxed per request
- Zero-Trust Proxy: No stored credentials
- DLP Enforced: Policy on every call
- GDPR Compliant: EU data residency
- Token Compression: ~60% cost reduction
The Model Context Protocol standardizes how applications expose capabilities to LLMs. Instead of operating in isolation, your AI gains direct access to external platforms, live data, and real-world actions through secure, standardized connections.
This server provides 17 capabilities that interface natively with Claude, ChatGPT, Cursor, and any MCP client. No middleware. No custom integration required.
Available Capabilities
Managing cloud tunnels and routes is a nightmare of dashboards and CLI commands.
Right now, updating a single tunnel's ingress rule means jumping into the Cloudflare dashboard, finding the correct tunnel, navigating to 'Rules', finding the right hostname, and manually typing the new destination. If you mess up, you're stuck in a rollback procedure that requires half a dozen clicks and a dedicated terminal session.
With the Cloudflare Tunnel MCP Server, you just ask your agent to change it. The agent runs the `put_configuration` tool, updates the rule, and confirms it. You keep your focus on your code, not on navigating complex cloud UIs.
Cloudflare Tunnel MCP Server: Get full control with Cloudflare Tunnel MCP Server
The manual steps that vanish include: logging in, finding the specific tunnel ID, opening the rule editor, selecting the correct host, and pasting the origin. These are all distinct, error-prone steps.
Now, managing network access is conversational. You tell your agent what the desired state is, and it executes the exact, minimal API calls needed. It's instant, auditable, and happens right where you're working.
Common Questions About Cloudflare Tunnel MCP
How do I use the `list_tunnels` tool?
The `list_tunnels` tool retrieves a filtered list of all your tunnels. You can ask your agent to list all 'degraded' tunnels to see which ones need attention immediately.
Can I update routes using the `update_route` tool?
Yes, `update_route` lets you modify existing tunnel routes. It's better than deleting and recreating the route, as it only changes the necessary parameters.
What is the difference between `create_tunnel` and `get_tunnel`?
`create_tunnel` builds a brand new tunnel resource in your account. `get_tunnel` just pulls the current, detailed data for a tunnel that already exists.
Do I need `get_management_token` before using the server?
It's good practice. Use `get_management_token` to get a current token, which helps ensure your agent has the latest credentials before you try to make any changes.
Which tool handles deleting everything? Is it `delete_tunnel` or `cleanup_connections`?
`delete_tunnel` removes a specific tunnel. `cleanup_connections` removes stale connection sessions, which is for keeping the network clean, not for deleting the tunnel itself.
When should I use `get_connector` vs. `list_connections`?
Use `get_connector` when you need specific details about one connector. `list_connections` shows you all active connections across the account, giving you a quick overview before you drill down.
How do I check the status of a tunnel using `get_tunnel`?
The `get_tunnel` tool returns comprehensive metadata, including the current health status (Healthy, Degraded, or Down). This lets you confirm connectivity right away.
What happens if I run `delete_route` without specifying a tunnel?
You must specify the tunnel ID and the route details for `delete_route` to work. If you omit these, the tool will return an error, preventing accidental deletion of active routes.
Can I update the ingress rules for a remotely managed tunnel?
Yes. Use the `put_configuration` tool to update the ingress rules and origin request settings for any tunnel that is configured for remote management.
How do I check if my tunnels are currently online?
You can use `list_tunnels` with the status parameter set to 'healthy' to see active tunnels, or use `get_tunnel` with a specific ID to see its current operational state.
Can I manage private network routes through this integration?
Yes. The server includes tools like `list_routes`, `create_route`, and `delete_route` to manage your Cloudflare Tunnel network routing (WARP-to-Tunnel).