For the 2 hostnames I added CNAME records pointing to .cfargotunnel.com and I also ran the command to add an IP range to the tunnel. “sudo cloudflared tunnel route ip show” returns the correct IP range. The cloudflared output shows “Warp-routing is enabled” and a few “Connection registered connIndex=1 location=HAM” (but for different locations of course). No errors in the output.
In the Cloudflare Teams dashboard the “Split tunnel” config has been set to “Include IPs and domains” and I added the same IP range here.
I installed the WARP client on my Android phone and logged into my Teams accounts. Connection gets established but I can seem to use my browser to connect to and internal webserver on the IP address. “wget” for the same URL works from the server running cloudflare, so it’s not a firewall between the tunnel endpoint and the internal server. WARP client is set to “Gateway with WARP” and I can see the correct IP range under Advanced → Connection options → Manage included routes. The 2 hostnames from the ingress rule work without any issues.
The only thing I was able to find is that in the Cloudflare Teams dashboard under Access → Tunnels the route is not visible in the “Routes” column. Only my hostnames are listed there.
Are you trying to publish an application via Access or use Warp to tunnel? The description appears to be a combination of the two.
An application pointing (ssh, rdp, http or arbitrary tcp) would use ingress rules and cloudflared on the client side to connect. A connection using the Warp client would use warp-routing, CIDR definitions and DNS entries pointing to the origin IP addresses.
the ingress hostnames are for Internet-resolvable addresses, so you can access your private origin on any device with a browser
for ingress hostnames that are SSH/TCP/RDP (i.e., not L7), you need cloudflared access on the device to access those
if instead, you are trying to build a private network, then you have to install WARP on the user devices (which you did) and configure IP Routes — forget the Hostname Routes in this case, since no public DNS is involved anymore
I’m trying to access my network through WARP. I already have this Cloudflared Tunnel running and added the details on the working published applications to show that the tunnel itself is working fine.
So the issue I have is just with routing my internal IP range through WARP.
I’m 100% sure I had this enabled and that routing was still not working when initially setting this up. So I played around with a lot of the settings and in the end TLS inspection was disabled.
After re-enabling proxy and TLS the tunnel is now working fine!