Connecting to tunnel from remote vs. local


I want to use cloudflared to create a tunnel to a private network, so that this network can be accessed by remote users through WARP while they are out of office. I know how to configure this.

However, how do I configure Teams/WARP so that traffic to that network is not routed through the cloudflared tunnel when those same users are in the office (where they are directly connected to these networks)?

In other words, can I tell Warp to only go through the tunnel while the user is on the Internet, and not connect through the tunnel while the user is on the local network?

Normally, you do this with split tunneling, but if you want to route a private network through a cloudflared tunnel, you have to explicitly remove that network from the split tunnel config. How do I do this?


Taking the risk oy saying a stupid thing, I think that’s a question of how this people connect. I have a server running at 192.168.x.x and I can reach it if I’m at home. The same server is exposed trough the tunnel at https://whatever.tld

So when you are at home and you try to access the server, you are not routed through WARP? Did you have to do anything to get this?

In my case I have an apache server listen to 80, 443, 8000.
Then if in the browser I go to 192.168.x.x I do it internally
If I go to https://whatever.tld I use the tunnel.

1 Like

Today that’s not a feature offered. Warp is intended primarily as a zero trust solution where location is not a substitute for better identity and authorization. May be on their longer term roadmap?


Thanks, I feared as much.

Interesting workaround, at least. Thank you! I could give the resources a different DNS name for external access. Still, I wish WARP had an on/off-network detection built in.

maybe a dumb idea but … can’t you use the “suspend warp connection” from the settings of Warp ?

(french version - sorry, I can’t select the langage …)

But yes, you’ll lost all features from warp, not only the tunnel.

Nice idea, but it’s manual, and as you said, you’ll lose all other features. I don’t want to turn off WARP, I just want it to be a bit more intelligent about when to route traffic through a tunnel - and when not to.

I am surprised no one has thought about this yet. It’s a standard feature in almost any commercial VPN, SD-WAN and SASE client. Of course you want your traffic to be routed locally while you are there.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.