WARP on-ramp to Magic WAN
Before you can begin using WARP as an on-ramp to Magic WAN, you must:
1. Create a service token
2. Install the WARP client on your device
3. Configure Split Tunnels
Optionally, you can configure Split Tunnels to include IP ranges or domains you want to use for connecting to public IP addresses. If you choose to use this option, destination ports
1023 and lower are supported.
4. Connect to WARP from your machine
You should be able to access Private IP addresses specified in the Split Tunnel configuration. If you requested to test TCP connectivity to public IP addresses, you should be able to access these services provided the destination port is
1023 or lower.
5. Route packets back to WARP devices
Route packets back to WARP devices from services behind an Anycast GRE or other type tunnel.
WARP devices will be assigned IP addresses from the Magic WARP Virtual IP (VIP) space. To view your virtual IP address, open the Cloudflare Zero Trust dashboard and select My Team > Devices.
All packets with a destination IP in the VIP space need to be routed back through the tunnel. For example, with a single GRE tunnel named
gre1, in Linux, the following command would add a routing rule that would route such packets:
ip route add 100.96.0.0/12 dev gre1