Cloudflare for Teams routing issue?

Hi all, hoping for some assistance on this.

Having a weird issue accessing resources on a subnet that is the same as being routed through the tunnel.

Currently on a 192.168.0.X subnet both locally and at the location hosting the tunnel.

When I connect to the WARP client and try accessing the local IP, nothing happens… almost like it is trying to route to the local IP only and not through Cloudflare. All routing/policies in the Cloudflare portal are set correctly as far as I know.

The weird thing is, I can connect from my Android phone on the same exact network and reach the resources just fine. I have tried two different Windows 10 machines and they both have the same issue.

Any ideas what might cause the routing to work on a mobile but not a desktop PC? Thanks!

Hello,

Can you show the output (screenshot) of https://help.teams.cloudflare.com/ when you are using the WARP client, on both your desktop and mobile devices?

Here is the desktop screenshot. Mobile says the same thing.

That screenshot explains why your desktop cannot reach the private origin IP that is behind the Cloudflare Tunnel and associated IP route: the WARP and Gateway Proxy functionalities must be green/enabled. Furthermore, you must have "Your network is fully protected" at the top of the screen (whereas you are just using DoH). It should look like:

You can see this tutorial for all the steps needed: https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel

In particular, you are missing all the steps from https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel#integrate-your-identity-provider onwards.

Finally, you say that your mobile has the same output in that help screen? I find that very odd. Either your mobile is not able to reach the private origins behind the Tunnel either, or it must not have the same output in that screen.

Yep, exact same output and I can RDP to my private resources from the mobile:

Also the desktop does list the Team (blurred for privacy) and I did get a one time password during device enrollment:

Did you check the split tunnel IP addresses?

That’s very odd. If https://help.teams.cloudflare.com/ does not show WARP and Gateway as enabled, then it won’t work. How come you have Teams Connected but then those as grey, I don’t know. You’ll have to open a ticket with support so that they can find out via your specific account.

Thanks, I’ll do that. I can live with using cloudflared for access on my PC for now. The weird thing is that it is only my home network with the issue. If I bring the same laptop anywhere else, I can connect to local resources behind Cloudflare just fine.

I have just realized why your https://help.teams.cloudflare.com/ shows WARP and Gateway off, when you have them on. This is a hunch, but I guess you can confirm: very likely you have dash.teams.cloudflare.com → Settings → Network → Split Tunnels configured in a way — such as, Includes List only, with very few CIDRs — that is causing the WARP client “connectivity check” to fail.

I.e., the WARP client will run a check against some URL served by Cloudflare, and if that is handled via the WireGuard tunnel successfully, then help.teams.cloudflare.com will be able to tell whether the traffic is going via WARP and Gateway (or not).

But very likely you’ve set up split tunnels in a way that the check will not go via the WireGuard tunnel, and that’s why we got that weird mismatch above (where help says one thing, and your client says another). I’d say this is more of a limitation of the help tool rather than anything else.

I figured as much. I have the split tunnel set to include rather than exclude for very specific IPs.

Still unsure on the whole reason Windows refuses to work on the same subnet… But every other device works fine. Sticking with Cloudflare Access for now!
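
The two conditions discussed above (an Include-mode split tunnel that leaves the connectivity check outside the tunnel, and a tunneled range that is also the client's own LAN) can be checked offline. This is an added example, not code from any poster or from Cloudflare; the /24 mask, the host addresses and the function names are assumptions, and it only evaluates the configuration without reproducing how any particular OS picks a route.

```python
import ipaddress

def via_tunnel(dest, mode, cidrs):
    """True if dest is sent through the WARP tunnel under this split-tunnel list."""
    ip = ipaddress.ip_address(dest)
    listed = any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs)
    if mode == "include":   # only the listed ranges use the tunnel
        return listed
    if mode == "exclude":   # everything except the listed ranges uses the tunnel
        return not listed
    raise ValueError(f"unknown split-tunnel mode: {mode!r}")

def overlapping_local(cidrs, local_networks):
    """(split-tunnel entry, local network) pairs whose address ranges overlap."""
    pairs = []
    for c in cidrs:
        for n in local_networks:
            if ipaddress.ip_network(c, strict=False).overlaps(
                    ipaddress.ip_network(n, strict=False)):
                pairs.append((c, n))
    return pairs

def assess(dest, mode, cidrs, local_networks):
    """Summarise one destination: tunneled, on the local link, or both."""
    ip = ipaddress.ip_address(dest)
    tunneled = via_tunnel(dest, mode, cidrs)
    on_link = any(ip in ipaddress.ip_network(n, strict=False)
                  for n in local_networks)
    # "ambiguous" = the address is meant for the tunnel but also exists on
    # the client's own LAN, which is the situation the thread describes.
    return {"dest": dest, "via_tunnel": tunneled,
            "on_local_link": on_link, "ambiguous": tunneled and on_link}

# Constructed sample values (assumptions, not taken from the posters' setups).
INCLUDE_LIST = ["192.168.0.0/24"]    # Include-mode split tunnel entries
LOCAL_NETWORKS = ["192.168.0.0/24"]  # home LAN, same range as the remote site
PRIVATE_HOST = "192.168.0.10"        # resource behind the Cloudflare Tunnel
CHECK_HOST = "203.0.113.10"          # stand-in for a Cloudflare-served check

if __name__ == "__main__":
    for host in (PRIVATE_HOST, CHECK_HOST):
        print(assess(host, "include", INCLUDE_LIST, LOCAL_NETWORKS))
    print("overlaps:", overlapping_local(INCLUDE_LIST, LOCAL_NETWORKS))
```
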

I also have this problem.
I have the split tunnel set to include help.teams.cloudflare.com

Imgur

And visit the page

On macOS
Imgur

On Windows 10
Imgur

On Android
Imgur

Only Windows can’t split routes.