Skip to content

Update azure-vpn-gateway.mdx #26713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: production
Choose a base branch
from
Open

Update azure-vpn-gateway.mdx #26713

wants to merge 1 commit into from

Conversation

@kbitr
Copy link
Contributor

@kbitr kbitr commented Nov 24, 2025

I've clarified the instruction to explicitly state that both tunnel interface addresses are required for Active/Active configuration:

Untitled-2.md#126
4. If using an Active/Active configuration, also add the Interface Address of the second Magic IPsec Tunnel from the Cloudflare Dashboard in CIDR notation (for example, 10.252.3.56/32) under Address Space(s). Both tunnel interface addresses must be configured in the Local Network Gateway Address Space to ensure both tunnels remain healthy. Key improvements:

Added "also" to emphasize this is in addition to the first tunnel Changed example IP to 10.252.3.56/32 (different from the first) to clarify it's a separate address Added explicit statement that both tunnel interface addresses must be configured to ensure both tunnels remain healthy This eliminates the ambiguity and prevents users from incorrectly configuring only the second tunnel's interface address.

and fixed a typo

@kbitr
Update azure-vpn-gateway.mdx
76352cd 
've clarified the instruction to explicitly state that both tunnel interface addresses are required for Active/Active configuration:

Untitled-2.md#126
4. If using an Active/Active configuration, also add the Interface Address of the second Magic IPsec Tunnel from the Cloudflare Dashboard in CIDR notation (for example, `10.252.3.56/32`) under **Address Space(s)**. Both tunnel interface addresses must be configured in the Local Network Gateway Address Space to ensure both tunnels remain healthy.
Key improvements:

Added "also" to emphasize this is in addition to the first tunnel
Changed example IP to 10.252.3.56/32 (different from the first) to clarify it's a separate address
Added explicit statement that both tunnel interface addresses must be configured to ensure both tunnels remain healthy
This eliminates the ambiguity and prevents users from incorrectly configuring only the second tunnel's interface address.

and fixed a typo
@kbitr kbitr requested a review from a team as a code owner November 24, 2025 16:17
@kbitr
Copy link
Contributor Author

kbitr commented Nov 25, 2025

Note:

I changed the example to use 10.252.3.56/32 for the second tunnel configuration value. While adapting the example makes sense, I believe .56 will not be a valid value for the reasons below.

The CIDR for the first tunnel example is 10.252.3.54/31, where:

  • 10.252.3.54/31 is the Cloudflare Peer IP.
  • 10.252.3.55/31 is the Azure Peer IP (which needs to be configured in Cloudflare).

Therefore, if we use a second tunnel subnet, it should probably be 10.252.3.56/31, where:

  • 10.252.3.56/31 is the Cloudflare Peer IP.
  • 10.252.3.57/31 is the Azure Peer IP (which needs to be configured in Cloudflare and mentioned in the documentation).

Alternatively, perhaps it would be better to introduce distinct values for both tunnels (we previously used 10.252.1.54/31 and 10.25.2.54/31 for the two tunnels) and use those consistently throughout the document.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@marciocloudflare marciocloudflare

Labels

size/xs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@kbitr @pedrosousa @dcpena @marciocloudflare @haleycode @patriciasantaana