Cloudflare WARP over IPv6, showing wrong information on trace

This is a slightly strange issue, but when I activate WARP and go to a Cloudflare website supporting ipv6, the cdn-cgi/trace output shows the wrong IPv6 and says I don’t have warp activated.

https://cloudflare.com/cdn-cgi/trace
Result:
fl=11f295
h=cloudflare.com
ip=fd01:5ca1:ab1e:8265:e3:e708:d7c9:ebae
ts=1631681440.835
visit_scheme=https
uag=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
colo=EWR
http=http/3
loc=XX
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off

The IP Address it returns (fd01:5ca1:ab1e:8265:e3:e708:d7c9:ebae), looks like it’s a unique local address rather then an actual IPv6.

When I visit a website to see what my external IPv6 is, it returns it correctly:


I can see 2a09:bac0:11::82e:74ec is owned by CF.

If I disable IPv6 or to a IPv4 only cloudflare website (https://1.1.1.1/cdn-cgi/trace) it properly returns my real IPv4 and warp status.

It does this on a few devices and on my phone as well. I don’t know how much it matters, but it’s slightly annoying as I try to check if I’m connected to WARP or not, and it lies to me.

Is your connection between ISP <-> WARP over IPv6?

I’m not able to reproduce this issue in Singapore colo.

Yea my ISP supports both IPv4 and IPv6.
Maybe you can’t reproduce it because Singapore isn’t part of their “Upper Tier” PoPs that are all connected, or you aren’t using WARP Plus? That’s strange.

It’s just IPv6 that shows the wrong address and warp status, not IPv4.

Opps sorry, you were asking if my connection to Warp itself is over IPv6.

It looks like that is related. If I have both IPv4 and IPv6 enabled, it looks like Cloudflare provides me with a non-public/privateIPv6.

If I only have IPv6 enabled on my machine and connect to WARP, it shows my home network’s IPv6 and the correct warp status.

It’s kind of strange though. After disabling IPv4. I enabled both IPv6 and IPv4 and reconnected. Then https://cloudflare.com/cdn-cgi/trace showed my IP Address as a private IPv4: 172.16.116.26. https://1.1.1.1/cdn-cgi/trace still showed my correct IPv4.

Regardless, it looks in trying to explore this, I discovered https://1.1.1.1/cdn-cgi/trace always shows the correct WARP Status and IP, so I’ll just use that for now. Thanks for your help

Edit:

It looks like this isn’t just trace, and it’s pushing the wrong information in the CF-Connecting-IP Header.

For example if I visit ip-tracker.org, a website behind Cloudflare


Or if I go to a PHPBB Form that logs User IPs for Actions

I guess kind of an unexpected privacy feature? Part of the goal was to hide IPs anyway. Hopefully no one using Cloudflare is trusting the CF-Connecting-IP field to never be a private/internal address