WARP

Ver

Cloudflare

1/18/22

WARP

Users in your organization can then reach the service by enrolling into your organization’s Zero Trust account and using the WARP agent

Once enrolled, user endpoints will be able to connect to private RFC 1918 IP space and other ranges that you control.

Applications running on those endpoints will be able to reach those private IPs as well in a private network model.

Coming soon, administrators will be able to build Zero Trust rules to determine who within your organization can reach those IPs.

Install cloudflared

You can now use cloudflared to control Cloudflare Tunnel connections in your Cloudflare account.

Create a Tunnel

You can now create a Tunnel that will connect cloudflared to Cloudflare’s edge.

$ cloudflared tunnel list

You can confirm the ID of the Tunnel by running the following command.

Create a route. Routes map a Tunnel ID to a CIDR range that you specify.

The private IP space specified should match the private IP space of your subnet

This example tells Cloudflare Tunnel that, for users in this organization, connections to 100.64.0.0/10 should be served by this Tunnel.

Grafana is running in a DigitalOcean environment where a virtual interface has been applied that will send traffic bound for localhost to 100.64.0.1.

$ cloudflared tunnel route ip add 100.64.0.0/10 8e343b13-a087-48ea-825f-9783931ff2a5

$ cloudflared tunnel route ip show

Similar to the list command, you can confirm the routes enrolled with the following command.

Configure and run the Tunnel

we recommend running cloudflared as a service for long-lived connections.

Route private IP ranges through WARP

Make sure HTTP traffic filtering is enabled. This lets Cloudflare proxy your private IP ranges to corresponding Cloudflare Tunnels.

Users can reach this private service by logging in to their Zero Trust account and the WARP client.