I'm currently utilizing SMB over QUIC with Kerberos authentication, set up through a KDC Proxy (KPSSVC). Everything functions well when the KDC Proxy is directly exposed. My setup involves a client communicating via HTTPS to the KDC Proxy and using QUIC to access a file server. I've successfully verified Kerberos ticket acquisition through the KDC Proxy. Now, I'm curious if anyone has experience running the KDC Proxy behind Cloudflare's orange cloud proxy. Has it been successful for you?
2 Answers
I’m not sure about using it behind Cloudflare, but I'm impressed by the SMB over QUIC setup! It seems like a good method to avoid needing a VPN for accessing company resources. Have you had any luck running the KDC Proxy through Cloudflare?
While I haven’t specifically tried running KDC Proxy behind Cloudflare, I did manage to set it up behind nginx, which worked smoothly. We completed TLS termination at the nginx proxy before sending it to the KDC Proxy, using a long-lived cert from Let’s Encrypt. It was pretty straightforward! Have you considered this type of setup?
Thanks for sharing the nginx experience! I validated something similar with Cloudflare in front, and everything worked well with Kerberos over HTTPS. With Cloudflare handling TLS, I didn't need any special configuration for the backend. Already feeling positive about the security aspect of it. Let’s see how it holds up!

Yeah, that's exactly the idea! I’m trying to make secure SMB access without a VPN. Any thoughts on running KDC Proxy behind Cloudflare?