Table of Contents
- Overview
- Installation
- Basic Usage
- Configuration
- Zero Trust Integration
- Split Tunneling
- Troubleshooting
- CLI Management
- Best Practices
Overview
Cloudflare WARP is a modern VPN client that provides secure, fast connections to the internet through Cloudflare’s network, with optional Zero Trust capabilities.
Key Features
- Secure DNS (1.1.1.1)
- Zero Trust integration
- Split tunneling
- Network performance optimization
- Malware blocking
- Device registration
- Gateway policies
- Cross-platform support
Installation
Ubuntu (22.04/24.04)
# Download and install
curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
sudo apt update
sudo apt install cloudflare-warpmacOS
# Using Homebrew
brew install --cask cloudflare-warp
# Direct download
curl -L https://1.1.1.1/Cloudflare_WARP.pkg -o Cloudflare_WARP.pkg
sudo installer -pkg Cloudflare_WARP.pkg -target /Basic Usage
CLI Control
# Register WARP
warp-cli register
# Connect to WARP
warp-cli connect
# Disconnect from WARP
warp-cli disconnect
# Check status
warp-cli statusAccount Management
# Login to Zero Trust organization
warp-cli teams-enroll <team-token>
# Check account type
warp-cli account
# Switch modes
warp-cli set-mode warp
warp-cli set-mode proxy
warp-cli set-mode dohConfiguration
Basic Settings
# Enable/Disable WARP
warp-cli enable-warp
warp-cli disable-warp
# Configure DNS
warp-cli set-custom-endpoint <endpoint>
warp-cli set-families-mode
# Set preferences
warp-cli set-proxy-port 40000
warp-cli set-timezone autoNetwork Settings
# Configure proxy settings
warp-cli set-proxy-mode off
warp-cli set-proxy-mode automatic
warp-cli set-proxy-mode manual
# Configure endpoints
warp-cli add-trusted-ssid "WiFi-Name"
warp-cli remove-trusted-ssid "WiFi-Name"Zero Trust Integration
Team Enrollment
# Enroll in Zero Trust
warp-cli teams-enroll <token>
# Check enrollment status
warp-cli teams-enrollment-status
# Leave team
warp-cli teams-unenrollDevice Management
# Register device
warp-cli device-register
# Check device status
warp-cli device-status
# Reset device registration
warp-cli device-resetSplit Tunneling
Configure Split Tunnels
# Add exclude route
warp-cli add-exclude-route 192.168.1.0/24
# Remove exclude route
warp-cli remove-exclude-route 192.168.1.0/24
# List excluded routes
warp-cli list-exclude-routesApplication Split Tunneling
# Add excluded application
warp-cli add-excluded-app "/path/to/application"
# Remove excluded application
warp-cli remove-excluded-app "/path/to/application"
# List excluded applications
warp-cli list-excluded-appsTroubleshooting
Common Issues
- Connection Problems
# Check WARP status
warp-cli status
# Diagnose connection
warp-cli diagnose
# Reset WARP
warp-cli reset- Performance Issues
# Check connection details
warp-cli warp-stats
# Monitor connection
warp-cli trace
# Test connectivity
warp-cli test- Authentication Issues
# Check registration
warp-cli registration-status
# Verify team enrollment
warp-cli teams-enrollment-status
# Reset registration
warp-cli delete
warp-cli registerCLI Management
System Commands
# Service management
sudo systemctl status warp-svc
sudo systemctl restart warp-svc
# Check logs
sudo journalctl -u warp-svc
# Clear settings
warp-cli clear-device-name
warp-cli deleteConfiguration Management
# Backup configuration
warp-cli generate-conf > warp-backup.conf
# Reset configuration
warp-cli reset
# Update client
warp-cli updateBest Practices
Security Settings
# Enable security features
warp-cli enable-dns-log
warp-cli set-families-mode
warp-cli set-gateway-port random
# Configure trusted networks
warp-cli add-trusted-ssid "Office-WiFi"
warp-cli set-switch-locked truePerformance Optimization
# Optimize settings
warp-cli set-mode warp+doh
warp-cli set-custom-endpoint closest
warp-cli set-keepalive 25Quick Reference
Essential Commands
# Basic control
warp-cli connect
warp-cli disconnect
warp-cli status
# Account management
warp-cli register
warp-cli teams-enroll
warp-cli account
# Configuration
warp-cli set-mode
warp-cli set-proxy-port
warp-cli set-families-modeCommon Options
connect # Connect to WARP
disconnect # Disconnect from WARP
status # Check connection status
register # Register device
teams-enroll # Enroll in Zero Trust
set-mode # Change WARP modeExample Configurations
Basic Setup
# Initial configuration
warp-cli register
warp-cli set-mode warp
warp-cli enable-dns-log
warp-cli connectZero Trust Setup
# Zero Trust configuration
warp-cli teams-enroll <token>
warp-cli set-mode warp+doh
warp-cli add-exclude-route 192.168.0.0/16
warp-cli connectSplit Tunnel Configuration
# Configure split tunneling
warp-cli add-exclude-route 10.0.0.0/8
warp-cli add-exclude-route 172.16.0.0/12
warp-cli add-exclude-route 192.168.0.0/16
warp-cli add-excluded-app "/usr/bin/ssh"Remember:
- Regular updates
- Monitor connection status
- Backup configurations
- Document custom settings
- Review security policies
- Keep logs for troubleshooting
For detailed information, consult the official Cloudflare WARP documentation.