The “warp” aka “zero trust” was blocked in my country
Cloudflare WARP helps my team a lot in reaching the internet, but my teammates and I recently (we just deployed in 8 ) discovered that the WARP PC client, and any client that uses the WireGuard protocol, cannot reach it anymore.
We have tested it in multiple places; most places, like school or province firewalls, are dropping WireGuard handshakes, even when the connection is just 4 route hops away.
The iPhone WARP client, which uses the ISAKMP protocol, could still reach Cloudflare's server, so we think the firewall has identified WireGuard and drops it.
Is there any possible support for making the WARP client confusing to the firewall (such as using udp2tcp or a v2ray thingy) so it can be reachable again? (or when cloudflare@home? lol) Thanks!
15 Replies
Sorry for the too-long post; tl;dr: WARP and WireGuard were blocked in my country, is there any possible support?
Have you tried changing ports? For engage.cloudflareclient.com: 2408, 500, 1701, or 4500.
@33335 I have more solutions if needed; most bypasses are easy for me. It's the bandwidth from the connections that is my struggling part, I hate data caps.
Yes, I have tried all ports (500, 854, 859, 864, 878, 880, 890, 891, 894, 903, 908, 928, 934, 939, 942, 943, 945, 946, 955, 968, 987, 988, 1002, 1010, 1014, 1018, 1070, 1074, 1180, 1387, 1701, 1843, 2371, 2408, 2506, 3138, 3476, 3581, 3854, 4177, 4198, 4233, 4500, 5279, 5956, 7103, 7152, 7156, 7281, 7559, 8319, 8742, 8854, 8886). The block was protocol- and domain-specific.
We tried setting the host to reachable Cloudflare IPs; the result was that the firewall checks the protocol, then the TLS 1.0 handshake certificate's domain, and if it is in the blacklist it sends RST,ACK or drops it. QUIC seems not to be in the blacklist but is very slow.
Let's try to trace your nearest center connection by connecting your phone to the same internet connection as your PC. Oh, and make sure to check your PC firewall outbound connection and DNS adapter as well. I'm going to send pictures to make it make sense for WireGuard.
@33335
I have tried connecting to all reachable (TCP SYN on 443 acked) datacenters. No WireGuard protocol connection was made.
Wireshark indicates there is only the handshake request packet; no response packet was received on my side, and on my server there are only handshake request packets but no response packet received.
So maybe we can try using ISAKMP or anything that goes over TCP that the firewall doesn't recognize.
Hope the Cloudflare WARP team can make it possible.
WireGuard VPN is UDP only https://www.wireguard.com/known-limitations/ . Before WireGuard was a thing, OpenVPN TCP was my go-to for my VPS back in the day.
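The capture described above (only handshake initiations on both ends, never a response) is easy to verify from a packet list, because every WireGuard message starts with a one-byte type followed by three reserved zero bytes and the three handshake messages have fixed lengths (148, 92 and 64 bytes; these sizes come from the public WireGuard protocol description). The following is an added example, not code from this thread or from Cloudflare: it classifies UDP payloads as WireGuard messages and summarises whether outbound initiations are being answered, which is the check a network operator would run on their own server's capture to confirm that handshakes are being dropped in transit. The sample packets are constructed with random field contents, since only the type byte and length matter for the classification.

```python
import os
import struct
from collections import Counter

# WireGuard message types and their fixed on-the-wire sizes (protocol spec values).
HANDSHAKE_INITIATION = 1   # 148 bytes
HANDSHAKE_RESPONSE = 2     # 92 bytes
COOKIE_REPLY = 3           # 64 bytes
TRANSPORT_DATA = 4         # 32 bytes minimum; encrypted payload padded to 16-byte multiple

FIXED_SIZES = {HANDSHAKE_INITIATION: 148, HANDSHAKE_RESPONSE: 92, COOKIE_REPLY: 64}
NAMES = {1: "handshake_initiation", 2: "handshake_response",
         3: "cookie_reply", 4: "transport_data"}


def classify_wireguard(payload: bytes):
    """Return the WireGuard message name for a UDP payload, or None if it does not match."""
    if len(payload) < 4:
        return None
    msg_type = payload[0]
    # The three bytes after the type are reserved and always zero in real traffic.
    if payload[1:4] != b"\x00\x00\x00":
        return None
    if msg_type in FIXED_SIZES:
        return NAMES[msg_type] if len(payload) == FIXED_SIZES[msg_type] else None
    if msg_type == TRANSPORT_DATA:
        # type(1)+reserved(3)+receiver(4)+counter(8) = 16-byte header, then the
        # encrypted inner packet (padded to 16) plus a 16-byte Poly1305 tag.
        if len(payload) >= 32 and (len(payload) - 32) % 16 == 0:
            return NAMES[TRANSPORT_DATA]
    return None


# --- constructed sample packets (random field contents, correct type byte and length) ---

def make_initiation(sender_index=0x1234):
    header = struct.pack("<BxxxI", HANDSHAKE_INITIATION, sender_index)  # 8 bytes
    return header + os.urandom(148 - len(header))


def make_response(sender_index=0x5678, receiver_index=0x1234):
    header = struct.pack("<BxxxII", HANDSHAKE_RESPONSE, sender_index, receiver_index)  # 12 bytes
    return header + os.urandom(92 - len(header))


def make_transport(receiver_index=0x5678, counter=0):
    header = struct.pack("<BxxxIQ", TRANSPORT_DATA, receiver_index, counter)  # 16 bytes
    return header + os.urandom(16)  # empty keepalive: header + tag only = 32 bytes


def summarize_handshakes(packets):
    """Count initiations sent vs responses received in a list of (direction, payload).

    Direction is "out" (sent by the host whose capture we read) or "in".
    Repeated outbound initiations with zero inbound responses is the pattern the
    thread describes; a healthy tunnel shows a response and then transport_data.
    """
    counts = Counter()
    for direction, payload in packets:
        kind = classify_wireguard(payload)
        if kind is not None:
            counts[(direction, kind)] += 1
    sent = counts[("out", "handshake_initiation")]
    got = counts[("in", "handshake_response")]
    return {
        "initiations_sent": sent,
        "responses_received": got,
        "unanswered_initiations": max(0, sent - got),
        "handshakes_dropped": sent > 0 and got == 0,
    }


# Constructed flows: a blocked client retrying, and a tunnel that came up normally.
SAMPLE_BLOCKED_FLOW = [("out", make_initiation()) for _ in range(3)]
SAMPLE_HEALTHY_FLOW = [("out", make_initiation()), ("in", make_response()),
                       ("out", make_transport()), ("in", make_transport(counter=1))]

if __name__ == "__main__":
    print("blocked:", summarize_handshakes(SAMPLE_BLOCKED_FLOW))
    print("healthy:", summarize_handshakes(SAMPLE_HEALTHY_FLOW))
```

Feed it the UDP payloads from a real capture (for example, exported from Wireshark) as `("in"/"out", bytes)` pairs; if the summary on the server side shows initiations arriving but the client side never sees the 92-byte response, the drop is on the return path, which narrows down where the filtering sits.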
@33335
I saw some udp2tcp or udp2raw projects, but I don't know if Cloudflare can deploy them.
I wouldn't trust it because of security; something decrypting and re-encrypting it.
Interesting
That was a way, thanks. I'll try that.
Solved, with a phone using Zero Trust and hotspot sharing the VPN, then routing all WireGuard traffic through it.
Secret old but gold 🤫 http://www.junefabrics.com/index.php