Using host networking may not be the most secure way, but it is what was needed to get WARP routing when using quic to be able to proxy UDP traffic for proper DNS lookups on the private networks.
docker pull cloudflare/cloudflared:latest docker run --network host -d --restart=unless-stopped cloudflare/cloudflared:latest tunnel --no-autoupdate run --token <CLOUDFLARE_TUNNEL_TOKEN>
running_container=$(docker container ls -f ancestor=cloudflare/cloudflared:latest -q) running_image=$(docker image ls --filter=reference=cloudflare/cloudflared -q) running_token=$(docker inspect $running_container --format='{{(index .Config.Cmd 4)}}') docker pull cloudflare/cloudflared:latest docker run --network host -d --restart=unless-stopped cloudflare/cloudflared:latest tunnel --no-autoupdate run --token $running_token docker container ls -f ancestor=cloudflare/cloudflared:latest -a # verify two running docker container ls -f ancestor=$running_image -a # verify two running docker stop $running_container # # reconnect if disconnected # old_image=$(docker image ls --filter=reference=cloudflare/cloudflared --filter=dangling=true --format {{.ID}}) old_container=$(docker container ls -f ancestor=$old_image -f status=exited -q) docker rm $old_container sleep 5 docker image prune