WARP Tunnel Include-only mode (warp-cli)
I'd like to set up my WARP tunnel to tunnel only specific IP ranges. In the docs (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) it lists how to do this with a split-tunnel configuration, but it doesn't show how to do it using
warp-cli. I can't do this through the Zero Trust dashboard because the device I'm trying to do this on is not enrolled in an organization.
I've been able to fool the WARP client into include-only mode by stopping warp-svc, editing /var/lib/cloudflare-warp/settings.json, and restarting warp-svc, but that's not a very robust way as any configuration issues cause it to reset to factory configuration, tunneling all traffic and cutting off my SSH access to the server. Is there an official way to do this through the CLI? I'm able to add and remove IP ranges just fine, but I can't find a way to change it from Exclude-only to Include-only mode.
Thanks!3 Replies
Update: it looks like include-only mode is not really supported. If I fool the running daemon into include-only mode and then attempt to add or remove IP ranges, I get
Not yet implemented.. Seems this is a feature CF still needs to addyea I think only supported via Zero Trust. Same on Windows and other platforms, the UI of normal warp only lets you exclude not include.
. I can't do this through the Zero Trust dashboard because the device I'm trying to do this on is not enrolled in an organization.Zero Trust Accounts are free, could always make one (or a second one) and enroll it just for this
I looked into that and that's probably what I'll end up doing