TunnelVirtualNetwork

Source: src/Cloudflare/Tunnel/VirtualNetwork.ts

A Cloudflare Zero Trust Virtual Network — an isolated routing namespace for Cloudflare Tunnel private networks.

Virtual networks let you run overlapping CIDR ranges side by side: each {@link TunnelRoute} can target a virtualNetworkId, and WARP clients switch between virtual networks to choose which copy of 10.0.0.0/8 they see. Every account starts with a single default virtual network.

Name and comment are mutable in place. Deleting a virtual network requires that no routes reference it — express that relationship by passing vnet.virtualNetworkId into your TunnelRoutes so destroy ordering is correct.

Creating a Virtual Network

Basic virtual network

const vnet = yield* Cloudflare.TunnelVirtualNetwork("Staging", {
  comment: "staging private network",
});

Route a tunnel CIDR through the virtual network

const tunnel = yield* Cloudflare.Tunnel("MyTunnel");
yield* Cloudflare.TunnelRoute("StagingNet", {
  tunnelId: tunnel.tunnelId,
  network: "10.4.0.0/16",
  virtualNetworkId: vnet.virtualNetworkId,
});

Default network

// Only one default per account — promoting demotes the previous one.
const vnet = yield* Cloudflare.TunnelVirtualNetwork("Primary", {
  isDefaultNetwork: true,
});