1 of 15 users cannot access CF Tunnel Private IP services via WARP

We have been using WARP with Gateway and CF Tunnel for Access to our Office LAN (for a DNS Server and one Web Application that uses non-standard services).

Today we randomly had a single user (out of approximately 15 users) who could not hit the Application.

Troubleshooting showed:

  • WARP Connected and Authorized on the client
  • User and device active and healthy in the Cloudflare ZT Dashboard
  • CF Gateway Logs (on dashboard) showing “Allow” events with proper data and timestamps (to both the LAN DNS server and LAN Web App server), BUT
  • DNS timeouts/no responses on the client
  • Web App timeouts/no responses on the client

All other users were working fine and there were no other problem reports of any kind.

Problem user was on WARP 2023.3.450, after trouble report, we upgraded to 2023.12.3 - no change. Most users are on 2023.3.450 (smattering on other versions).

Ideas?

Is the user’s home network using the same IP address range as your office LAN?

Great question, thought about that and should have mentioned that.

No - home network is 192.168.1.x, office is 10.1.50.x.