Cloudflare Tunnel + Dynu Setup (Access Raspberry Pi from Anywhere)
Jio AirFiber uses shared IPs, making traditional port forwarding impossible. This guide shows how to access your Raspberry Pi from anywhere using Dynu DDNS and Cloudflare Tunnel—no port forwarding needed.
The Problem
- Jio AirFiber assigns shared/CGNAT IP addresses
- Can't port forward from external internet
- Need secure remote access to Raspberry Pi server
- Want HTTPS without managing certificates
Requirements
- Raspberry Pi (or any server)
- Free Dynu account (dynu.com)
- Free Cloudflare account (cloudflare.com)
- Domain name (optional, can use Dynu subdomain)
Part 1: Dynu DDNS Setup
Create Dynu Hostname
- Sign up at dynu.com
- DDNS Services → Add
- Choose hostname: mypiserver.freeddns.org
- Set to your current IP (Dynu will update automatically)
Install ddclient on Pi
sudo apt install ddclient -y
sudo nano /etc/ddclient.confConfigure with Dynu credentials to keep hostname updated.
Part 2: Cloudflare Tunnel Setup
Add Domain to Cloudflare
- Add site to Cloudflare account
- Update nameservers at domain registrar
- Or use Cloudflare's free subdomain
Install cloudflared on Pi
wget https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64.deb
sudo dpkg -i cloudflared-linux-arm64.debAuthenticate
cloudflared tunnel loginCreate Tunnel
cloudflared tunnel create mypi
cloudflared tunnel route dns mypi pi.yourdomain.comConfigure Tunnel
Edit ~/.cloudflared/config.yml:
tunnel: [tunnel-id]
credentials-file: /home/pi/.cloudflared/[tunnel-id].json
ingress:
- hostname: pi.yourdomain.com
service: http://localhost:80
- service: http_status:404Run as Service
sudo cloudflared service install
sudo systemctl start cloudflared
sudo systemctl enable cloudflaredBenefits
- Bypass firewall/CGNAT – Works with Jio AirFiber restrictions
- Automatic SSL – HTTPS without certificate management
- No nameserver management – Cloudflare handles DNS
- DDoS protection – Cloudflare's network protects your Pi
- Fast – Cloudflare's global CDN
Security Best Practices
- Enable Cloudflare Access for MFA
- Restrict access by IP/country if needed
- Use strong credentials on Pi services
- Keep cloudflared updated
- Monitor access logs
- Don't expose unnecessary services
Troubleshooting
Tunnel won't start: Check cloudflared logs with journalctl -u cloudflared -f
Can't access: Verify DNS propagation, check tunnel status in Cloudflare dashboard
502 error: Ensure local service (port 80) is running on Pi
This setup transformed my Raspberry Pi from local-only to globally accessible server, all without port forwarding or static IP. Secure, reliable, free.