MCP Tunnels is a new Anthropic Claude platform feature (currently in research preview) that lets MCP servers running inside a private network connect to Claude Managed Agents — no inbound firewall ports, no public IP exposure required. Under the hood it uses Cloudflare Tunnel with a user-supplied TLS certificate so the owner keeps full end-to-end control over the traffic pipe.
Running MCP servers inside a corporate or home network has a connectivity problem: Claude Managed Agents live in Anthropic's cloud and can't reach private servers without firewall pinholes, public IPs, or VPNs. MCP Tunnels solves this by flipping the connection direction — the tunnel agent inside your network calls out to Anthropic infrastructure over an encrypted outbound connection. No inbound ports, no IP allowlisting.
"It enables you to use your MCP servers that you already have or maybe you're going to create and still keep them within your own network boundary and connect them to cloud infrastructure."
The stack has three moving parts deployed inside your network boundary:
mcp-proxy) that handles the tunnel-side routing and TLS termination using your own certificate.
Everything is wired together via a Docker Compose file generated by the quick-start commands.
1. Create the tunnel in Claude Console
Navigate to MCP Tunnels in the Claude platform console, click New Tunnel, give it a name, and optionally configure Workload Identity Federation. After creation you receive a tunnel domain, a tunnel token (keep private), and a tunnel ID. The tunnel shows status "needs certificate" until you upload a cert.
2. Generate and upload a TLS certificate
Use OpenSSL to generate a self-signed CA cert (or your org's PKI), then upload ca.crt via Add Certificate in the console. The tunnel status flips to active.
```bash
# -nodes writes key.pem without a passphrase, so treat the file as a secret.
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out ca.crt \
  -days 365 -nodes -subj "/CN=mcp-tunnel"
```
3. Set environment variables
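```bash
# Both values come from step 1; the token is a credential, so keep it out of shell history and version control.
export TUNNEL_DOMAIN="<your-tunnel-domain>"
export TUNNEL_TOKEN="<your-tunnel-token>"
```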
4. Write config files and start the stack
The quick-start commands write a docker-compose.yml and an mcp-proxy config file to disk using cat heredocs, so this step is pure copy-paste. The Docker Compose file defines three services: mcp-proxy, cloudflared, and your MCP server image. Run docker compose up -d and the local side is done.
5. Create a session in Claude Console
Under Sessions, create a new session and agent, click + MCP Server, select your tunnel from the list, and fill in the subdomain (e.g., echo) and path (e.g., /mcp for FastMCP). Create the session.
6. Test
Send a message that invokes a tool. The agent makes a tool call to your private server over the tunnel. The MCP server never touched the public internet.
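Before uploading ca.crt in step 2, it is worth confirming that the certificate and key are one pair, that the certificate has enough validity left, and that the unencrypted key is not readable by other users. The script below is an added example, not taken from the video or from Anthropic's documentation; the function name check_tunnel_cert, the 30-day default and the return codes are assumptions.

```bash
#!/usr/bin/env bash
# Added example: pre-upload checks for the ca.crt / key.pem pair from step 2.
# check_tunnel_cert, the 30-day default and the return codes are assumptions.

# Usage: check_tunnel_cert CERT KEY [MIN_DAYS_LEFT]
# Returns 0 when every check passes, otherwise a code naming the first failure.
check_tunnel_cert() {
  local cert="$1" key="$2" min_days="${3:-30}"
  local cert_pub key_pub mode

  # Codes 2 and 3: both files must parse as what they claim to be.
  openssl x509 -in "$cert" -noout 2>/dev/null ||
    { echo "cannot parse certificate: $cert" >&2; return 2; }
  openssl pkey -in "$key" -noout 2>/dev/null ||
    { echo "cannot parse private key: $key" >&2; return 3; }

  # Code 4: the certificate must carry the public half of this private key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
  key_pub=$(openssl pkey -in "$key" -pubout)
  [ "$cert_pub" = "$key_pub" ] ||
    { echo "key does not match certificate" >&2; return 4; }

  # Code 5: -checkend fails if the certificate expires within the given seconds.
  openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null ||
    { echo "certificate expires in under $min_days days" >&2; return 5; }

  # Code 6: -nodes wrote the key unencrypted, so group/other must have no access.
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    *00) ;;
    *) echo "key mode $mode is too open; use chmod 600" >&2; return 6 ;;
  esac
  return 0
}

# Run against the step 2 files when they are in the current directory.
if [ -f ca.crt ] && [ -f key.pem ]; then
  check_tunnel_cert ca.crt key.pem && echo "ca.crt and key.pem look consistent"
fi
```

A non-zero return identifies the first failed check, so the function can gate the upload step in a provisioning script.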
For production clusters (Kubernetes IRSA, GKE Workload Identity, etc.) you can configure the tunnel to accept your identity provider's OIDC token in place of a static tunnel token. The console lets you set an issuer, service account, and federation rules. Den notes this will get its own deep-dive video.
"We provide the infrastructure and you lock down the traffic."
"I think this is really cool. I think this is going to enable a lot of the customer scenarios that we've seen being asked about."
"If you just speedrun through it, it was something like under 3 minutes end to end."
| Approx. Time | Topic |
|---|---|
| 0:00 | Intro — what problem MCP Tunnels solves |
| 1:00 | Docs overview and how to request access |
| 2:00 | Creating a tunnel in Claude Console |
| 3:30 | Workload Identity Federation explanation |
| 5:00 | Generating TLS certs with OpenSSL |
| 6:00 | Setting environment variables |
| 7:30 | Writing Docker Compose and proxy config |
| 9:00 | Starting the stack with docker compose up |
| 10:30 | Creating a session and connecting the MCP server |
| 12:00 | Live demo — hello world tool call |
| 13:00 | Wrap-up and call to action |