The best WARP tutorial ever!! Way better than Cloudflare's docs!! Thank you for sharing this valuable video for us.
@LinuxCloudHacks
3 months ago
Thank you very much! I'm glad it was helpful. Please let me know if you have any questions. I'll be doing more CloudFlare tutorials so stay tuned! Cheers
@bilalmujahid7445
1 month ago
I am a Cloudflare Architect, but this video just amazed me, very detailed yet the explanation is concise.
@fomofonk
13 days ago
Amazing tutorial! 🙏👏 It made a big chunk of Cloudflare docs "click"! Really Thank You! Please keep making the amazing content you provide!
@LinuxCloudHacks
12 days ago
You're very welcome!
@JaroslavVazac
27 days ago
Best howto video I've ever seen. Thanks, it has helped me to understand WARP tunneling a lot.
@LinuxCloudHacks
25 days ago
Great to hear!
@shivamsaxena7378
2 months ago
Thank you for such a detailed video. This is exactly what I have been looking for! Looking forward to more such videos from you :)
@LinuxCloudHacks
2 months ago
Glad you've liked it. More to come!
@4m0ses
10 days ago
Can you do a video on how to connect via WARP Active Directory on Zentyal?
@MohammadMajdalawi-r1c
1 month ago
Thank you for the detailed video. How can I implement a high availability (HA) setup for a Site-to-Site WARP connector?
@LinuxCloudHacks
25 days ago
I believe that due to the nature of how WARP is implemented it's not possible to do an HA setup as we understand it. However:
a) if you have 2 WANs from distinct ISPs, if one WAN goes down, you'll switch to the other WAN and the operation should resume
b) if a CloudFlare colocation center goes down, you'll be connected to a different colocation center (due to anycast routing)
I know that this is not ideal but it's close.
@MohammadsadeghSalehi-l5x
7 days ago
Hi, thanks for this amazing video, I have done all the steps like you did but the VMs behind the routers can't ping each other!
@LinuxCloudHacks
5 days ago
Hi! Please make sure that the local devices have return routing set, so the WARP peers need to be set as the default gateway for your network or your local devices need to have an explicit static route for 100.64.0.0/10 and the remote network. So in my example local client1 (10.10.0.2) needs to have a route to 10.20.0.0/24 via 10.10.0.1 (warp peer) and client2 (10.20.0.2) needs to have a route to 10.10.0.0/24 via 10.20.0.1 (warp peer). I'm not adding static routes as I have the default gateway set as the warp client.
@MAMSEIN021
13 days ago
Hi there, thank you for your useful video. Is there any way to use the MASQUE protocol on WARP to connect from a WARP client to a VPS server like Linode or OVH? I mean using it as a VPN.
@LinuxCloudHacks
12 days ago
Hi! Last time I've checked their MASQUE proto was in beta (not available to the public) and they used Wireguard for VPN (on WARP).
@MAMSEIN021
12 days ago
@LinuxCloudHacks Hi again. No, it is not in beta now; you can change your protocol on the WARP client via the warp-cli command, and once you changed it to MASQUE you will be able to use it easily and it is working fine even in Iran. I only need to know how I can use my own VPS server to connect to it via the WARP client and use it like a VPN service. If you know any ways please let me know. Thanks ❤
@MAMSEIN021
10 days ago
@TheMrNatoShow No sir, I just want to use WARP Client as a VPN to connect to my server via WARP Client. I just can get connected to WARP servers easily, but I want to get my server's IP address when I connected via WARP. I don't want to get a Cloudflare IP address.
@mansur_sw07
4 months ago
First Comment and first like from me 😅
@LinuxCloudHacks
4 months ago
🎉 Thank you! Stay tuned for more videos!
@Shhommy
4 months ago
Hey, nice video. I was looking for a good site-to-site setup, and this seems like a good option. However I am running into a problem where the app needs to be installed to connect to the other network. Is there a workaround through static routes configuration on the router and does it work with Cloudflare WARP?
@LinuxCloudHacks
4 months ago
Hi, not sure if I understand the question. You need to have the Cloudflare WARP daemon installed as it's connecting you to the Cloudflare network. It's not possible to do it via static routes etc. If you don't want all your traffic to go via the tunnel you can set up split tunnel to "include" and only include the site-to-site traffic and CGNAT to go via the tunnel, and all other traffic goes as is (default gateway). BTW there are also other options if you have direct reachability - for example Wireguard, ZeroTier, Tailscale, etc. Thanks!
@JustinStuartYoung
2 months ago
I have the same question. I think what he's asking is, can this work like the "other options" you mentioned. We were going to try this with ZeroTier, but wanted to know if this was a viable option for riding non-warp-client traffic, like IoT, legacy OS devices, etc.
@LinuxCloudHacks
2 months ago
@JustinStuartYoung This behaves like a regular VPN tunnel. You can send any traffic there. The network does not have to be directly connected to the Warp Peer. So for example there is a 172.16.1.0/24 network somewhere on SITE1 and there is a 172.16.2.0/24 network somewhere on SITE2. Those networks are not directly connected to WarpClient Peers but you can put a static route on the servers or routers in SITE1 to send traffic to 172.16.2.0/24 via the local WarpClient and the other way around - on SITE2 you put a static route to point to 172.16.1.0/24 via the WarpClient and you'll get reachability.
There are a few things you need to do:
- Networks/Tunnels/Private Network - you need to add 172.16.1.0/24 to the net-10 tunnel and 172.16.2.0/24 to the net-12 tunnel
- in the split tunnel configuration you need to remove 172.16.0.0/12 from the exclude list so this traffic goes via the tunnel
- you need to make sure that the Warp peer knows how to get to the local 172.16.x.x network (by adding a static route or going via a router that knows how to get there) - basic routing stuff
So we have something like:
172.16.1.0/24 router 10.10.0.0/24 warp peer warp peer 10.12.0.0/24 172.16.2.0/24
Not sure if I did a good job explaining but long story short it's possible :) Cheers
@agungnandapr
3 months ago
Nice tutorial, good job sir 👍
@LinuxCloudHacks
3 months ago
Many thanks!
@angeloerasto
3 days ago
Strange, as soon as I start the service I cannot reach the internet and warp-cli status says disconnected. If I stop the service I can reach the internet. All registration information is set up correctly. For the life of me I can't find out why. I am running the router and clients on Proxmox containers.
@LinuxCloudHacks
3 days ago
Hi! Recently Cloudflare updated their WARP CLI software so the procedure may be a bit different. Later this month or early next month I'll create another video about how to set it up with the latest Warp CLI and latest Ubuntu/Debian. Have not tried it yet. In the meantime please try playing with "ResolveUnicastSingleLabel=yes" in systemd-resolved. In general it's usually an issue with DNS.
@angeloerasto
3 days ago
Thanks. I'm sure I have tried playing with resolveunicastsinglelabel but I will keep trying. I wonder if it's because I'm behind CGNAT. Anyway I will wait for your video. I keep finding KZitem tutorials for the same thing. Your videos really make a difference. Cheers
@MichelHespanha
1 month ago
Hello, great video!! I have a question: is it possible for me to have a single network interface on Linux routers and use the same interface to connect to Cloudflare WARP and also pass my network that is behind my Linux router? Ex: 2 Linux routers with Cloudflare WARP in different locations, each with a single network interface, and on router1: 10.10.0.0/24 and router2: 10.20.0.0/2, allowing clients behind these routers to access each other?!
@LinuxCloudHacks
1 month ago
Hi! Just so I get it right. There's a default gateway to the Internet, let's say 192.168.1.1, and there's a local node with a single interface only, let's say 192.168.1.10, that is using that default gateway to get to the Internet and has Cloudflare installed. You want other nodes on the 192.168.1.0/24 network to go to the other private network via Cloudflare using the 192.168.1.10? In other words you want to install Cloudflare on one of your local servers and not the gateway, right?
@MichelHespanha
1 month ago
@LinuxCloudHacks that’s exactly it! The routers with Cloudflare WARP will be geographically separated, but each router will have only a single network interface, like this example: Side A = Internet 192.168.1.1 -> Switch -> warp router (single interface) 192.168.1.10, Cloudflare passing the route 192.168.1.0/24. Side B = Internet 10.10.0.1 -> Switch -> warp router (single interface) 10.10.0.10, Cloudflare passing the route 10.10.0.0/24. I would like to know if with only a single interface on each warp router, it would be possible that all nodes that are on the same network as the warp routers on both sides could be accessed?!
@LinuxCloudHacks
1 month ago
I don't see a reason it should not work. You'd just have to add a static route on all devices on Side A that 10.10.0.0/24 is accessible via 10.10.0.10 and on all devices on Side B that 192.168.1.0/24 is accessible via 192.168.1.10. Or add those routes only on the routers. Just to be sure let me check it over the weekend and get back to you.
@MichelHespanha
1 month ago
@LinuxCloudHacks that’s nice, sir! Thank you for the tips! I’ll try to do that soon!
@ncore231
1 month ago
So the client doesn't need to install the VPN? Instead the VPN supply is a source of eth1? So that the client is running a static IP and the gateway is 10.10.0.1?
@ncore231
1 month ago
Correct if I'm wrong 😅
@LinuxCloudHacks
1 month ago
No, clients in 10.10.0.x network don't have to install anything. Only set the default gateway to the router that is 10.10.0.1.
@ncore231
1 month ago
@LinuxCloudHacks Thank you, it works. I did it on 4 virtual machines: 2 are my router 1 and router 2 and the other 2 are my clients connected to the host internal network. I'm happy.
@kalpanchal6614
4 months ago
Nice video, great job explaining
@LinuxCloudHacks
4 months ago
Glad you liked it! Stay tuned for more!
@ngoyal16
1 month ago
Hello Team, this is a great video, and I followed the exact steps as I showed in video. I don't have access to the router so I installed WARP on one client at both sides. I am able to ping and telnet the devices via the CGNAT address, but when I am trying to ping via their private IP address space it is not working. ip -4 -br a is showing as intended. I also checked the route table; it is forwarding to the WARP tunnel only. I also enabled IPv4 forwarding in the sysctl.conf file as well. Any idea what can be wrong? Nothing is getting pinged, SSHed or curled.
@LinuxCloudHacks
1 month ago
Hi. Looks like an issue with the reverse routing. Traffic does not know how to get back. The devices on your private networks need to have either:
- default gateway set to the device running WARP (that is not your case, right? as you have a router as the default gateway already - if I'm reading it correctly)
OR
- static route that points to the other private network via the device running WARP
For example if your private network 1 is 10.1.0.0/24 and the WARP 1 device is 10.1.0.10, and your private network 2 is 10.2.0.0/24 and the WARP 2 device is 10.2.0.10, then all devices on private network 1 need to have
ip route add 10.2.0.0/24 via 10.1.0.10
and all devices on private network 2 need to have
ip route add 10.1.0.0/24 via 10.2.0.10
Let me know if that helps.
@ngoyal16
1 month ago
@LinuxCloudHacks One more thing I forgot to add. One of my sites is in a local on-prem server, and another site is an AWS VPC which I am trying to connect.
@CelalDemir-g1s
1 month ago
This is awesome content thank you so much.
@LinuxCloudHacks
1 month ago
Glad you enjoyed it!
@ncore231
1 month ago
Eth1 is a static ip? Without gateway just only 10.10.0.1?
@LinuxCloudHacks
1 month ago
ROUTER1 has two interfaces. ETH0 with 192.168.10.1. This interface points towards the Internet. The default Gateway is 192.168.10.200. ROUTER1 also has ETH1 with a static IP 10.10.0.1 towards the private network. All nodes in the private network have the default gateway set to the ROUTER that is 10.10.0.1. Cloudflare WARP software is installed only on ROUTER1. Clients in the 10.10.0.x network don't have CloudFlare installed.
@neodragoon
3 months ago
Love the video, but can you do a written guide to go along with this great video?
@LinuxCloudHacks
3 months ago
Thanks! BTW Written guides are something I've been thinking about (like for every YT video a single article). As soon as the channel grows (hopefully) I'll implement it.
@neodragoon
3 months ago
@LinuxCloudHacks Ran into an issue where I am unable to ping site to site or client to client. I notice that the client network (10.5.20.x) and the warp (100.96.0.x) are not listed in the table 65743 to be routed thru Cloudflare WARP. Is there a way to force that list to update? Both networks are not listed in the "Split Tunnel entries (exclude)" section.
@neodragoon
3 months ago
@LinuxCloudHacks Ran into an issue where I'm unable to ping site to site or client to client. I notice the client network and the warp 100.69.0.0 network is not listed in the 65743 table. Do you know a way I can update this list?
@LinuxCloudHacks
3 months ago
Hi! Are you saying ping between 100.96.0.x peers does not work? Can you double check if Settings->Networks->"WARP to WARP" is enabled and Settings->Networks->Proxy (TCP/UDP/ICMP) is enabled? Please also remove "100.64.0.0/10" from the exclude list and add "100.64.0.0/11" and "100.112.0.0/12"
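An added example (not part of the original comments): the reply above swaps the 100.64.0.0/10 exclude entry for 100.64.0.0/11 and 100.112.0.0/12, and an earlier reply removes 172.16.0.0/12 so site traffic enters the tunnel. This Python sketch computes such a carve-out for any exclude list; the function names and the sample list are constructed for illustration, and the 172.16.x.x case goes beyond the thread by keeping the rest of 172.16.0.0/12 excluded instead of removing the whole entry.

```python
import ipaddress

def carve(exclude, through_tunnel):
    """Remove every `through_tunnel` network from a split-tunnel exclude list.

    An excluded prefix that contains a tunnelled network is split into the
    smallest set of CIDR blocks covering everything else in that prefix.
    """
    result = [ipaddress.IPv4Network(n) for n in exclude]
    for wanted in (ipaddress.IPv4Network(n) for n in through_tunnel):
        kept = []
        for net in result:
            if not net.overlaps(wanted):
                kept.append(net)                          # unrelated entry
            elif wanted.subnet_of(net):
                kept.extend(net.address_exclude(wanted))  # split around it
            # otherwise `net` lies inside `wanted` and is dropped entirely
        result = kept
    return [str(n) for n in ipaddress.collapse_addresses(result)]

def via_tunnel(exclude, address):
    """True if `address` matches no exclude entry, i.e. it enters the tunnel."""
    ip = ipaddress.IPv4Address(address)
    return not any(ip in ipaddress.IPv4Network(n) for n in exclude)

# Constructed sample exclude list (not copied from any real dashboard).
SAMPLE_EXCLUDE = ["10.0.0.0/8", "100.64.0.0/10", "172.16.0.0/12", "192.168.0.0/16"]

if __name__ == "__main__":
    # Case from the thread: let the 100.96.0.x WARP peers through the tunnel.
    print(carve(["100.64.0.0/10"], ["100.96.0.0/12"]))
    # Beyond the thread: tunnel only the WARP block and the two site networks.
    new_list = carve(SAMPLE_EXCLUDE,
                     ["100.96.0.0/12", "172.16.1.0/24", "172.16.2.0/24"])
    for entry in new_list:
        print(entry)
    # A WARP peer address enters the tunnel; an unrelated 172.16.x.x host does not.
    print(via_tunnel(new_list, "100.96.0.5"), via_tunnel(new_list, "172.16.9.1"))
```

Running `via_tunnel` against the list actually configured, for a peer address and for a host on each remote LAN, shows quickly whether a leftover exclude entry is keeping that traffic out of the tunnel.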
@wudoo6666
2 months ago
Did anyone manage to get the WARP tunnel running in a Docker container? I am trying to figure out if I can use it to access private cloud resources without the need for a jumphost/bastion setup. I am thinking in this direction: a WARP connector running in a container in the cloud infrastructure (Azure) and WARP clients (laptops with the WARP client) that are able to access behind-the-firewall private resources that are not exposed with public endpoints.
@LinuxCloudHacks
2 months ago
Once I find some time I'll try to play with WARP in a container and let you know the results. Just as a POC you can try running WARP on an Azure VM (and not a container). Another thing that you can do (if you want to expose only certain apps and not the whole network) is to run CloudflareD in a container and add policies (I did something similar here kzitem.info/news/bejne/lKJ30Y1uapN4iqAsi=L6s56ta9MZIbIigG)
@wudoo6666
2 months ago
@LinuxCloudHacks, yes Cloudflared in a container works smoothly. I ran it on AKS, and Azure Container Apps, and on a Synology NAS. I was looking at WARP as an alternative to accessing non-publicly exposed resources like VMs, DB endpoints, Keyvault etc.
@mattiaippolito1625
1 month ago
When I try to connect my client and login with the Warp app I get a 404 Page not found error and not the page where I should fill in the email address... can you help?
@LinuxCloudHacks
1 month ago
Hi, This happens when you click "login to zero trust" in Preferences -> Account ? Then you do enter the team name (for example abc.cloudflareaccess.com) that you found under your web console->zero trust->settings->custom pages? And then you get 404?
@mattiaippolito1625
1 month ago
@LinuxCloudHacks correct… that’s what happened… But after I changed the team name in my zero trust it worked… maybe my team name was already used or I don’t understand… I now have a different problem. I have two devices, a Mac and an iPhone, both connected to the same WiFi network… if I enable the WARP client on both devices when they are connected to the WiFi and I try to access a server on the same LAN I get a timeout error and no connection on the Mac, but it works perfectly fine on the phone under the same circumstances…
@AdrianuX1985
4 months ago
+1
@LinuxCloudHacks
4 months ago
Thanks!
@jayvratsinhjadeja8299
2 months ago
I followed your video step by step and got my devices to ping the WARP IPs assigned to each client but I am not able to ping the local devices in any WARP tunnels. The only thing I can do is ping the device running the WARP tunnel using the 100.96.X.X IPs. I even uncommented the "net.ipv4.ip_forward=1" in the /etc/sysctl.conf and applied the change with "sudo sysctl -p", still no luck. Command "ip route get 192.168.XX.XX fibmatch" shows that the IP is routing through the Cloudflare interface but when I ping that IP it does not respond. I am using the Include Method in the Split Tunnel Configuration as I only need 3 devices with static IPs to connect to each other. Could anyone help me?
@LinuxCloudHacks
2 months ago
Hi! Please start with making sure that the local devices have return routing set. So you need to either have the WARP peer set as the default gateway on your local device or your local devices need to have explicit static routes for 100.64.0.0/10 and the other local network. So in my example local client1 (10.10.0.2) needs to have a route to 10.20.0.0/24 via 10.10.0.1 (warp peer) and client2 (10.20.0.2) needs to have a route to 10.10.0.0/24 via 10.20.0.1 (warp peer). I'm not adding static routes as I have the default gateway set as the warp client.
@jayvratsinhjadeja8299
2 months ago
@LinuxCloudHacks It turns out for some reason ping and ssh are not working through the WARP connector even after turning on the UDP and ICMP option in Settings>Network>Proxy. The WARP connector lets me connect http and https services through it, which works for me now. Great video man, it made the overall setup process pretty easy.
@ngoyal16
1 month ago
Hi @jayvratsinhjadeja8299, I am trying to connect the one on-prem subnet with AWS VPC. Have you tried the same? In my case peer to peer is working over virtual interface IPs but site to site is not working.
Comments: 66