WARP Configuration
The IQrouter Pro allows you to be up and running with a Cloudflare WARP VPN tunnel in a matter of minutes, all you need is a couple of pieces of information, enter them on the simple WARP configuration page and click ‘Start’ to now securely and speedily tunnel your network traffic via the WARP (and associated Cloudflare) services.
If you or your employer already use a Cloudflare WARP-compatible service, then gather these pieces of information:
The private key used for this account
The IPv4 and IPv6 addresses associated with the account.
If necessary, the endpoint domain and port, if different than the supplied defaults.
In this example, we get ours from a wgcf-profile.conf file we created on a Linux machine configuration (see note at end of this article). But it is also available in other formats from other sources.
For example:
Address = 172.16.0.2/32 <- the IPv4
Address = fd01:5ca1:ab1e:xxx:xxx:xxxx:ba77:a936/128 <- the IPv6 (yours will be different)
All other values should already be configured by default, but it does not hurt to confirm.
To Configure the IQrouter, please log into the IQrouter menu, and then go to the Configure->WARP VPN page.
There you enter the above information into the appropriate fields as shown:
Paste the Private Key into the ‘Private Key’ field. If the text remains red, the entry is not validating. Make sure you include the trailing ‘=’ equal sign from the value.
In the IP Addresses section, add the two new entries for v4 and v6, so paste the IPv4 value, then click the green ‘+’, then enter the IPv6 value, click the green ‘+’.
You should now have this (with your unique values):
Then click the Save & Apply button to commit the changes.
To start sending all router traffic out the WARP VPN, click the ‘Start WARP’ button.
Then to confirm that the tunnel is operational, you can use the buttons in the WARP Status section of the same page.
‘Get WARP state’ will return a string containing the detailed interface status, including enpoint connection information as well as some transfer status.
‘Get WARP Status’ will return a string containing the result calling a Cloudflare URL that will confirm WARP status. It will look something like this when the WARP tunnel is up:
Warp is ON
fl=16f237 h=www.cloudflare.com ip=98.20.nnn.nnn ts=1641326279.081 visit_scheme=https uag=curl/7.66.0 colo=IAD http=http/1.1 loc=US tls=TLSv1.2 sni=plaintext warp=on gateway=off
You can also easily check using a browser by visiting : https://www.cloudflare.com/cdn-cgi/trace
If the tunnel goes down, or for some reason the WAN connectivity is not providing a tunneled connection, you can click the ‘Start WARP’ button to attempt to re-establish the tunneled state.
Further troubleshooting will require looking at the system log for errors, such as expired private keys.
To stop tunneling all traffic through the WARP service, you can click the ‘Stop WARP’ button.
If you want to create free trial WARP account, this site has a tool and instructions: https://github.com/ViRb3/wgcf once the wgcf-profile.conf is created, copy the contents and use the necessary elements from it to configure the WARP info shown above. We are not afiliated in any way, and can not provide support for it.
Note:
By default, all local LAN traffic will flow through the WARP tunnel to provide privacy and security benefits, however there are certain types of traffic whose performance or, more critically, function (e.g. Netflix) might be impacted by a VPN, so as a convenience, we have included the VPN Policy Routing module that enables the user to configure domains or sources to selectively bypass the tunnel. This is an advanced configuration option, and is found on the Advanced menus, under the VPN->VPN Policy Routing menu.
The default config reroutes one domain (gstatic.com) and all traffic from the guest network. It is disabled by default.
Common configurations are to set the IPs of set-top streaming devices to fully bypass the tunnel. Documentation for the Policy routing module is at: https://docs.openwrt.melmac.net/vpn-policy-routing/