I am supporting an existing setup where people are accessing a browser-based collaborative tool via a Wireguard tunnel, and was attempting to roll out Cloudflare for Teams browser isolation alongside it. When CF for Teams is connected, performance when accessing the server on the far side of the tunnel becomes noticeably slower and even erratic.
The non-routable range on the far side of the Wireguard tunnel is in the 10.x.x.x /8 that is excluded from Cloudflare for Teams by default. I also explicitly added the public IP address for the Wireguard server to the exclude list, but neither of these changes had any impact.
I have had to undo the rollout of CF for Teams to all of these users as a result of this. Am I missing something obvious?