As longtime Cloudflare users, we are getting started with Cloudflare Zero Trust and wanted to use a cloudflared tunnel to expose some devices on our local networks.
As an example, we have a tunnel running with an IP on a DHCP-assigned network 192.168.1.1/24 (gateway 192.168.1.254) running cloudflared, and this allows remote access to other private devices within the network, for example 192.168.1.51.
We can access this using the WARP client in Windows / Android only if the local network of the device doesn’t have the same subnet 192.168.1.1/24. This seems to force the request to 192.168.1.51 to go locally rather than through the WARP routing. If the client has a /32 subnet then the routing works as expected - but this workaround would require manually setting IP assignment in all networks the client may use - not really feasible.
The Split tunnel feature doesn’t seem to make any difference even though we have removed the 192.168.0.0/16 rule and added an exclusion for 192.168.1.51.
This is similar to issues described by other users here: "Overlapping IP ranges in Tunnels". Unfortunately, that topic auto-closed with no resolution.
Is there a known workaround for this other than forcing the client onto a separate subnet? For example: do you know if it is possible to add a virtual IP to the tunnel machine and use an obscure subnet such as 10.10.8.0/24 (connection to the internet still over the 192.168.1.254 gateway) and then a virtual route so that 10.10.8.51 → 192.168.1.51?
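
The address arithmetic behind the overlap and the proposed 10.10.8.0/24 alias can be checked offline. The following is an added example, not part of the original post and not Cloudflare code: it only models the behaviour reported above (a target inside the client's own subnet is treated as local) and a 1:1 host-bit mapping between the two ranges. The function names and the sample client addresses are constructed for illustration, and it configures nothing in WARP or cloudflared.

```python
import ipaddress

# Values taken from the post: LAN behind cloudflared and the proposed alias range.
TUNNEL_NET = ipaddress.ip_interface("192.168.1.1/24").network  # -> 192.168.1.0/24
ALIAS_NET = ipaddress.ip_network("10.10.8.0/24")


def goes_local(client_iface: str, target: str) -> bool:
    """True if target lies inside the client's own subnet, i.e. the case the
    post reports as being sent to the local network instead of through WARP."""
    iface = ipaddress.ip_interface(client_iface)
    return ipaddress.ip_address(target) in iface.network


def _remap(addr: str, src: ipaddress.IPv4Network, dst: ipaddress.IPv4Network):
    """Move addr from src to dst, keeping the host bits (1:1 mapping)."""
    ip = ipaddress.ip_address(addr)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if ip not in src:
        raise ValueError(f"{addr} is not in {src}")
    return dst.network_address + (int(ip) - int(src.network_address))


def to_alias(real: str):
    """192.168.1.x -> 10.10.8.x"""
    return _remap(real, TUNNEL_NET, ALIAS_NET)


def to_real(alias: str):
    """10.10.8.x -> 192.168.1.x"""
    return _remap(alias, ALIAS_NET, TUNNEL_NET)


def report(client_ifaces, target):
    """Per client network: does the real target collide, does its alias?"""
    alias = str(to_alias(target))
    return [(c, goes_local(c, target), goes_local(c, alias)) for c in client_ifaces]


if __name__ == "__main__":
    # Constructed client addresses: same /24, the /32 workaround, an unrelated
    # network, and a network that happens to use the alias range itself.
    clients = ["192.168.1.23/24", "192.168.1.23/32", "10.0.0.5/24", "10.10.8.77/24"]
    for client, real_hit, alias_hit in report(clients, "192.168.1.51"):
        print(f"{client:18} real collides={real_hit!s:5} alias collides={alias_hit}")
```

The last sample client shows the limit of the idea: an alias range only moves the collision to whichever networks already use that range.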