> ## Documentation Index
> Fetch the complete documentation index at: https://docs.runlayer.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Anthropic MCP Tunnels

> Use Anthropic MCP Tunnels to connect Claude to Runlayer connectors in private customer tenants.

## Overview

Anthropic MCP Tunnels let Claude reach MCP servers that are not directly reachable from Anthropic's backend. Use this when your Runlayer tenant or upstream MCP servers sit behind private networking, VPN access, or strict inbound firewall rules.

With this setup, Claude connects through an Anthropic-managed tunnel hostname. The tunnel forwards traffic to Runlayer, and Runlayer continues to enforce connector auth, policies, ToolGuard scanning, and audit logs.

```mermaid theme={null}
flowchart LR
  Claude["Claude.ai"] --> Cloudflare["Anthropic / Cloudflare tunnel"]
  Cloudflare --> Cloudflared["cloudflared"]
  Cloudflared --> Gateway["Anthropic MCP Gateway"]
  Gateway --> Runlayer["Runlayer tenant"]
  Runlayer --> MCP["Runlayer connector / upstream MCP"]
```

<Note>
  Anthropic MCP Tunnels are an Anthropic feature. Follow Anthropic's tunnel documentation for their current beta status, supported deployment methods, and required network destinations.
</Note>

The tunnel provides network reachability. Runlayer still enforces application-layer authentication, connector permissions, policies, and audit logging.

## What You Need

Before starting, make sure you have:

* A Runlayer single-tenant deployment with the connectors you want to expose to Claude, where Runlayer can deploy the tunnel components.
* Claude organization admin access with MCP Tunnels enabled.
* Outbound network access from the tunnel deployment to Anthropic's API, Cloudflare tunnel edge, and your Runlayer tenant URL. Anthropic's guide currently calls for setup access to `api.anthropic.com:443` and runtime `cloudflared` access to Cloudflare edge on port `7844` TCP/UDP. Use Cloudflare's current tunnel firewall documentation as the source of truth for IP allowlists.
* A secure channel for sharing the short-lived Claude Tunnels API token with Runlayer.

## Shared Responsibilities

### Customer team

Your team owns the Claude organization and approves the tunnel setup:

* Enable MCP Tunnels in Claude and create a short-lived Tunnels API token.
* Confirm that Runlayer should deploy `cloudflared` and the Anthropic MCP Gateway in your Runlayer-operated single-tenant account.
* Allow outbound traffic required by Anthropic's tunnel guide.
* Share the short-lived Tunnels API token with Runlayer through an approved secure channel.
* Register Runlayer connector URLs in Claude once Runlayer provides the tunnel hostname and connector URLs.
* Revoke the Tunnels API token after provisioning is complete.

### Runlayer team

Runlayer owns the tenant-side tunnel deployment:

* Deploy `cloudflared` and the Anthropic MCP Gateway in the Runlayer-operated single-tenant account.
* Configure the gateway to forward tunnel traffic to your Runlayer tenant.
* Store and protect generated tunnel credentials, CA keys, TLS private keys, and tunnel data in the tenant account.
* Set `MCP_TUNNEL_BASE_URL` on the Runlayer deployment so OAuth discovery works through the tunnel.
* Provide Claude connector URLs for the Runlayer connectors you want to expose.
* Help validate OAuth, connector discovery, and end-to-end tool calls from Claude.

## Create a Claude Tunnels API Token

Runlayer needs a short-lived Anthropic Tunnels API token during initial tunnel provisioning. The token is not needed at runtime.

<Steps>
  <Step title="Open Claude tunnel settings">
    As a Claude organization admin, open [Claude tunnel settings](https://claude.ai/admin-settings/connectors/tunnels), or go to **Admin Settings → Connectors → Tunnels** in Claude.
  </Step>

  <Step title="Create a Tunnels API token">
    Click the option to create or generate an API token for MCP Tunnels. Copy the token immediately; Claude may only show it once.
  </Step>

  <Step title="Share the token securely with Runlayer">
    Send the token through your approved secure channel. Do not paste it into email, Slack, tickets, or documents.
  </Step>

  <Step title="Revoke the token after provisioning">
    After Runlayer confirms tunnel provisioning is complete, revoke the token in Claude. The deployed tunnel uses generated tunnel credentials, not the short-lived API token.
  </Step>
</Steps>

## Deployment Shape

Anthropic's tunnel deployment has two runtime components:

* `cloudflared` opens an outbound-only tunnel to Cloudflare. No inbound listener is required.
* Anthropic MCP Gateway terminates the inner TLS layer and forwards requests to Runlayer.

For Runlayer-operated single-tenant deployments, Runlayer deploys these components inside the tenant account. The tunnel compute can stay private because `cloudflared` dials out to Cloudflare.

The transport is protected in layers: Anthropic controls access to the tunnel, the gateway terminates the inner TLS connection, and Runlayer/OAuth controls user-level connector access.

Runlayer recommends one gateway route to the Runlayer tenant and path-based Claude connector URLs. You should not need one tunnel route per connector.

Example gateway route shape:

```yaml theme={null}
tunnel_domain: <tunnel-id>.tunnel.anthropic.com
routes:
  runlayer: https://<your-runlayer-tenant-domain>:443
upstream:
  tls:
    include_system_cas: true
```

Do not include connector paths in the gateway upstream route; paths belong in Claude connector URLs.

If your Runlayer tenant is reached through a public DNS name, Runlayer configures the gateway's upstream validation for that public Runlayer endpoint. This typically includes an explicit `:443` port and system CA trust.

## Runlayer Configuration

Runlayer must know the tunnel origin so its OAuth metadata points Claude to the right backend-to-backend endpoints.

Set:

```bash theme={null}
MCP_TUNNEL_BASE_URL=https://runlayer.<tunnel-id>.tunnel.anthropic.com
```

Use only the origin. Do not include a connector path.

This setting makes Runlayer return tunnel-aware OAuth metadata for proxied MCP connectors while keeping browser-facing authorization on the normal Runlayer tenant URL. The origin must match the hostname used in Claude connector URLs. Without this setting, Claude may fail OAuth discovery or report a missing `resource` parameter during authorization.

## Add Runlayer Connectors to Claude

After the tunnel is running, add each Runlayer connector as a custom web connector in Claude.

<Steps>
  <Step title="Get the connector server ID">
    In Runlayer, identify the connector you want to expose. Runlayer support can provide the server ID, or you can derive it from the connector's Runlayer MCP URL.
  </Step>

  <Step title="Build the Claude connector URL">
    Use the tunnel host and the normal Runlayer proxy path:

    ```text theme={null}
    https://runlayer.<tunnel-id>.tunnel.anthropic.com/api/v1/proxy/<server_id>/mcp
    ```

    The `runlayer` subdomain must match the gateway route key. The path identifies the specific Runlayer connector.
  </Step>

  <Step title="Register the connector in Claude">
    In Claude, go to **Organization Settings → Connectors → Add → Custom → Web** and enter the connector URL.
  </Step>

  <Step title="Have users connect">
    Users go to **Settings → Connectors** in Claude and click **Connect** for each connector they are allowed to use.
  </Step>
</Steps>

Adding another Runlayer connector later usually only requires registering another Claude connector URL with a different `<server_id>`. It should not require changing tunnel infrastructure.

## Validation Checklist

Use this checklist before rolling out to users:

* Tunnel containers or pods are healthy.
* `cloudflared` is connected to Cloudflare.
* Anthropic MCP Gateway logs show requests reaching the Runlayer tenant.
* `MCP_TUNNEL_BASE_URL` matches the tunnel origin used in Claude connector URLs.
* Claude can discover the connector tools.
* A test user can complete OAuth and run a low-risk tool call.
* Runlayer audit logs show the Claude-originated MCP request.

<Note>
  Direct `curl` requests to the tunnel hostname may return a Cloudflare or Anthropic access error. Validate through Claude connector traffic and tunnel logs.
</Note>

## Operations

### Token handling

The Tunnels API token is only needed for provisioning and some rotation operations. Revoke it after setup. Do not store it in long-lived Runlayer configuration.

If Runlayer needs to rotate the tunnel token or archive/recreate a tunnel later, we may ask a Claude organization admin to create a fresh short-lived Tunnels API token.

### Certificate renewal

Anthropic's setup tooling generates 90-day server certificates. Renew before expiry using the deployment method from Anthropic's guide. The gateway can reload renewed certificates without recreating the tunnel.

### Connector changes

Normal connector additions or removals happen in Claude and Runlayer. Keep the gateway route pointed at Runlayer and use path-based connector URLs.

### Security practices

* Require SSO for Claude organization admins who can create Tunnels API tokens.
* Keep connector scope minimal; expose only the Runlayer connectors and tools needed by Claude users.
* Keep OAuth required for Runlayer connectors. The tunnel secures transport, not end-user authorization.
* Monitor Runlayer audit logs and tunnel runtime logs for warnings, errors, and unusual traffic.
* Rotate tunnel credentials immediately if compromise is suspected.

### Incident response

If tunnel credentials or TLS keys may be compromised:

1. Stop the tunnel deployment.
2. Remove affected custom connectors from Claude.
3. Archive or rotate the tunnel through Anthropic's Tunnels API.
4. Rotate affected Runlayer and upstream MCP credentials.
5. Review Runlayer audit logs and tunnel logs before restoring service.

## Troubleshooting

<AccordionGroup>
  <Accordion title="The Claude Tunnels API token page is missing">
    Confirm MCP Tunnels are enabled for your Claude organization. If the Tunnels settings page or token creation option is not visible at [Claude tunnel settings](https://claude.ai/admin-settings/connectors/tunnels), contact Anthropic support or your Anthropic account team.
  </Accordion>

  <Accordion title="Direct curl or local client testing returns 403">
    This is expected for many tunnel deployments. Anthropic and Cloudflare may block arbitrary public requests to the tunnel hostname. Validate through Claude.ai connector traffic and Runlayer/tunnel logs instead of local `curl` or Claude Code.
  </Accordion>

  <Accordion title="Claude OAuth fails with a missing resource parameter">
    Confirm `MCP_TUNNEL_BASE_URL` is set to the tunnel origin used in Claude, for example `https://runlayer.<tunnel-id>.tunnel.anthropic.com`. The value must not include `/api/v1/proxy/...`.
  </Accordion>

  <Accordion title="Gateway rejects the upstream URL">
    Use an explicit port in the upstream route, such as `https://<your-runlayer-tenant-domain>:443`.
  </Accordion>

  <Accordion title="Gateway blocks the Runlayer upstream IP">
    Anthropic MCP Gateway validates upstream IP ranges. If your Runlayer tenant is reached through a public DNS name, configure the allowed upstream IPs or public-upstream setting according to Anthropic's guide and your security policy.
  </Accordion>

  <Accordion title="The tunnel is not connecting">
    Check whether `cloudflared` can reach Cloudflare edge on port `7844` TCP/UDP, and confirm the tunnel token has not been rotated or revoked. Runlayer handles this check for Runlayer-operated single-tenant deployments.
  </Accordion>

  <Accordion title="cloudflared logs UDP buffer warnings">
    `cloudflared` can log UDP receive buffer warnings when using QUIC. This is usually host/network tuning rather than a Runlayer connector issue. Runlayer can tune the host if the tunnel is otherwise unstable.
  </Accordion>

  <Accordion title="TLS errors occur between the gateway and Runlayer">
    If the Runlayer tenant uses a public certificate authority, enable system CA trust in the gateway upstream TLS settings. If it uses a private CA, mount the CA bundle and configure the gateway to use it.
  </Accordion>

  <Accordion title="Users can see the connector but cannot run tools">
    Check Runlayer connector permissions, policies, OAuth connection status, and audit logs. The tunnel only provides network reachability; Runlayer still enforces access control.
  </Accordion>
</AccordionGroup>

## Related Resources

<CardGroup cols={2}>
  <Card title="Connectors" icon="plug" href="/platform-connectors">
    Manage connector setup, auth, permissions, and policies in Runlayer.
  </Card>

  <Card title="OAuth Broker" icon="key" href="/oauth-broker">
    Learn how Runlayer handles OAuth for supported connectors.
  </Card>

  <Card title="MCP Security Best Practices" icon="shield" href="/mcp-security-best-practices">
    Review security guidance for enterprise MCP deployments.
  </Card>

  <Card title="Anthropic MCP Tunnels" icon="arrow-up-right-from-square" href="https://support.claude.com/en/articles/14290952-mcp-tunnels">
    Read Anthropic's official tunnel deployment guide.
  </Card>
</CardGroup>
