Does Zero Trust have multiple outbound IPs?

enysvsgetorly · June 5, 2022, 2:32am

I connect to Cloudflare Access and use the official Linux WARP client to connect to WARP.

First, I can see warp=plus in the response from https://www.cloudflare.com/cdn-cgi/trace, which means I’m connected to WARP Plus.

Then I repeat curl ipinfo.io/ip to get the outbound IP, but the outbound IP is rotated, there are about 3 IPs in rotation. I didn’t reconnect to WARP during getting outbound IP.

In this case, I might be accessing the same site via different outbound IPs at the same time, which means it might trigger a reCAPTCHA.

Is there any configuration to control this?

erictung · June 5, 2022, 3:16am

Yes, they have a few subnets/IP ranges which are dedicated for WARP outbound traffic use, however I can’t remember exactly which subnet/IP ranges they are using, maybe someone can post it here.

On the other hand, I don’t think you can control the outbound IPs used to connect to the website AFAIK.

enysvsgetorly · June 5, 2022, 3:49am

To clarify, I don’t want to fix outbound IP, and I know WARP has some IP ranges.

I can definitely understand that the outbound IP might change if I reconnect(establish a new WARP session)

But in my case the outbound IP was rotated during the same WARP session (meaning no reconnect was performed).

enysvsgetorly · June 9, 2022, 2:52pm

Thank you for your reply.
I posted more details above, do you have any suggestions?

cscharff · June 9, 2022, 9:50pm

Warp takes advantage of a number of Cloudflare features including Argo smart routing to use Cloudflare’s backbone for traffic routing closer to a given color for performance reasons. That will have a different IP. It also uses tens of thousands of metals in hundreds of data centers. Sessions can be shifted in data center for lots of reasons

enysvsgetorly · June 10, 2022, 1:59pm

Thank you for reply.
I can understand that WARP uses Cloudflare’s backbone to optimize traffic routing.
But if I use different IPs to access a site during a HTTP session, it might be identified as attack traffic.

To explain my case, I connect to WARP+ and repeatedly run “curl ip.sb” within 10s to get the outbound IP.
The result below show that the outbound IP changed several times in this 10 seconds.

[email protected]:~# curl ip.sb
104.28.227.187
[email protected]:~# curl ip.sb
104.28.195.186
[email protected]:~# curl ip.sb
104.28.195.186
[email protected]:~# curl ip.sb
104.28.227.187
[email protected]:~# curl ip.sb
104.28.227.187
[email protected]:~# curl ip.sb
104.28.195.186
[email protected]:~# curl ip.sb
104.28.227.187

I try to access Google and it says “Unusual traffic from your computer’s network”. This notification will disappear if I disconnect WARP+ or use WARP (w/o plus, free plan).
BTW, if I don’t reconnect, the outbound IP of WARP free plan wouldn’t changes.

enysvsgetorly · June 11, 2022, 4:31am

Found a similar issue reported.