markllama
Cloudflare Developers
Created by markllama on 3/14/2024 in #general-help
Tunnel endpoint IP is excluded from tunnel?
TL;DR: One IP address that should be included in a tunnel is instead routed to local default route. All others are tunneled as expected. This behavior started suddenly 3 days ago after working as expected for almost a month. MacOS warp client

-------

I have a tunnel set up with a pair of hosts running cloudflared for redundancy. I am running warp ZT on MacOS for the client side. It's all working as expected with one exception: 3 days ago direct ssh to one of the tunnel (tunnel2) hosts stopped connecting. The other (tunnel1) is still accessible and I can reach and examine tunnel2 by logging into tunnel1 and then across to tunnel2.

What I see if I traceroute to it is that the IP is excluded from the tunnel despite no exclude rule for the host or IP address:
traceroute 10.193.130.52
traceroute to 10.193.130.52 (10.193.130.52), 64 hops max, 40 byte packets
1 192.168.2.1 (192.168.2.1) 1.772 ms 0.415 ms 0.299 ms
2 192.168.1.1 (192.168.1.1) 0.751 ms 0.930 ms 0.830 ms
3 lo0-100.bstnma-vfttp-339.verizon-gni.net (71.174.61.1) 2.045 ms 1.831 ms 1.688 ms
While the other tunnel host gets on traceroute response (because the tunnel doesn't pass ICMP)
traceroute 10.193.130.50
traceroute to 10.193.130.50 (10.193.130.50), 64 hops max, 40 byte packets
1 162.158.10.107 (162.158.10.107) 5.845 ms 4.189 ms 5.011 ms
As far as I can tell the tunnel daemons are working fine and the tunnel service and the network profile are fine and all the users are happy. When I try to ping tunnel2 I get a different response than tunnel1. (tunnel1 gets a response from
3 replies
Cloudflare Developers
Created by markllama on 11/9/2023 in #general-help
Can you route local traffic outbound through a tunnel?
This is probably a silly question, but.... That is: Can you create a tunnel from a network and then tell devices on that network that the tunnel host is the gateway and arrange for traffic to be forwarded up through the tunnel? The goal is to get all outbound local traffic to go through the tunnel without having to install ZT client on every device on the network.
3 replies
Cloudflare Developers
Created by markllama on 9/15/2023 in #general-help
Warp Client Selects wrong Profile for Known Network
I've established a network with a beacon and created the Known Network and a Profile with specific exclusion rules. When the warp client is disconnected, warp-cli settings indicates that the correct profile is selected. When the client is connected, the profile is ignored and reverts to the default. How can I tell which profile will be applied and why, when connecting, the already-detected profile is ignored?
4 replies
Cloudflare Developers
Created by markllama on 9/13/2023 in #general-help
Visibility and Diagnosis of Zero Trust Known Network/Profile selection
Is there a way to view any system logs when the Warp client probes for known networks and selects a profile? Or even to see in the output from warp-cli what profile has been applied? I'm trying to create a set of known networks and matching profiles for different use cases and locations and the only way I have so far to understand what's actually happening is trial and error.
4 replies