Connect to Remote Desktop server with WARP to tunnel

I’m trying to use Remote Desktop with WARP following the instructions on this page:

Connect to Remote Desktop through Cloudflare Tunnel

Here’s what I’ve done:

  • Created a Cloudflare tunnel. In the Zero Trust “Settings” page under “General”, the “Team Domain” is set to (something like) I also set the Private Network to, which is my home network.
  • Installed cloudflared on my home Windows 11 PC that will be the RDP server. The tunnel in Zero Trust shows that the Connector on the PC is connected and the tunnel has a status of “Healthy”.
  • Installed the WARP client on a Windows 11 laptop that will be the RDP client. In the account settings of the WARP client, I logged into Cloudflare Zero Trust using the same Team Name I used when setting up the tunnel (i.e. “myteam”). Authentication was done via a one-time PIN sent through email. The WARP client shows that everything is connected ok on the Connectivity tab of the Preferences window. I also see the laptop listed under Devices in the Zero Trust team.

When the laptop is connected to a separate cellular connection and is NOT on the private network, any attempts to connect Remote Desktop to the PC’s internal IP ( time out. However, it works fine if the laptop is on the same private network as the PC (so RDP normally works ok).

My understanding from the document above is that after running cloudflared on the RDP server PC, I should be able to use only the WARP client on the laptop, without installing cloudflared on the laptop, and without creating any Public Hostnames for the tunnel.

Out of desperation, I also tried installing cloudflared on the laptop, as well as installing the WARP client on the RDP server PC, and creating a Public Hostname for an RDP service. None of those helped though, and shouldn’t be necessary, I don’t think.

Thanks for any clues,

I have a similar setup, successfully using Cloudflare Tunnel for RDP. I found an additional step which was required for me.

In the Zero Trust Dashboard > Settings > WARP Client > Profile settings, configure the default profile.

Then, second-to-last option, Split Tunnels - and remove the IP range which includes your server’s private IP address.

This will sync to your WARP application in Settings > Advanced > Connection Options > Excluded Routes. :crossed_fingers:


Additionally, on the Dashboard - Settings > Network > Firewall, enable Proxy :+1:

1 Like

YES! Thank you! That’s exactly what I needed.

To summarize the solution:

  • In the Zero Trust Dashboard, go to Settings > WARP Client > Device settings > Profile settings > configure the Default profile > Split Tunnels > ensure your private network is either in the included IPs and domains, or not in the excluded IPs and domains.
  • In the Zero Trust Dashboard, go to Settings > Network > Firewall > enable Proxy for TCP (as of 2023-02-23, Microsoft says the current version of RDP only uses TCP, so UDP doesn’t need to be enabled for RDP).
  • Changes made to the IP/domain ranges are immediate, without having to reconnect the WARP client.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.