Cloudflare Logo

VMware Horizon Remote Access via Cloudflare


I came across this blog post by Cloudflare which caught my attention to solve an issue in my home lab! If you want to provide remote access for your Horizon Clients, VMware provides the Unified Access Gateway, which is a great appliance for the job; however, it must listen on port 443. This was a problem as my ISP will not allow inbound port 443 for my residential service and would force me to upgrade to a business account. The Argo Tunnel by Cloudflare allowed me to expose my Horizon Connection Server on the internet without opening any ports! Instead we run a lightweight service on our Windows server that creates an outbound tunnel to the Cloudflare network which you can run free of charge for testing or very inexpensive for production. Here are the steps to follow for your Horizon Connection Server:

  1. From your Horizon Connection Server, launch your computer certificate manager (certlm.msc) and locate the certificate being used (hint: friendly name = vdm)
  2. Export your certificate (do not export the private key) in Base-64 encoded format
  3. Rename your <certificatename>.cer file to <certificatename>.pem
  4. From your Horizon Connection Server with the Argo Tunnel downloaded ( ) run the following command “./cloudflared.exe tunnel –url –origin-ca-pool c:\pathtoyourcertificate\certificatename.pem”
  5. If you want to run as a service it will cost $5/month plus 10 cents per GB. Cloudflare only charges for Argo routing; there is no charge for the count of tunnels used. You can find details here


This is a great way to solve my home lab challenge and to showcase a quick test of remote access to customers without having to open firewall ports etc…Thanks again to Cloudflare for saving the day!

Add comment