What is the name of the domain?
What is the error message?
Jan 24 03:25:49 ip-x-x-x-x.x.compute.internal warp-svc[1395]: 2025-01-24T03:25:49.335Z WARN tunnel_loop{protocol=“masque” con_id=“******”}: warp_edge::tunnel_loop: Dropping martian, tun should not have seen this src_addr=10.x.x.x
What is the issue you’re encountering
When sending a packet from another host to a router with warp connector running, the source IP is not replaced with 100.64/10
What steps have you taken to resolve the issue?
First I checked that forward was set correctly in sysctl.
[ssm-user@ip-10-x-x-x ~]$ sudo sysctl -a | grep 'ipv4.*\.forward'
net.ipv4.conf.CloudflareWARP.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.ens5.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
Next, I checked to see if warp was connected properly.
[ssm-user@ip-10-x-x-x ~]$ sudo warp-cli connect
Success
[ssm-user@ip-10-x-x-x ~]$ sudo warp-cli status
Status update: Connected
Next, I sent a request to curl -4 -L -vvv https://google.com from the linux client connected to the router (linux where warp connector is running) and perform tcpdump on the router side. I confirmed that the source IP was not replaced with 100.64/10 and ack was not returned.
[ssm-user@ip-10-x-x-x ~]$ host google.com
google.com has address 142.251.42.142
google.com has IPv6 address 2404:6800:4004:825::200e
google.com mail is handled by 10 smtp.google.com.
[ssm-user@ip-10-x-x-x ~]$ sudo tcpdump -i CloudflareWARP -nn dst host 142.251.42.142
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on CloudflareWARP, link-type RAW (Raw IP), snapshot length 262144 bytes
03:43:20.577663 IP 10.x.x.x.59742 > 142.251.42.142.443: Flags [S], seq 1974345231, win 62727, options [mss 1240,sackOK,TS val 674608617 ecr 0,nop,wscale 6], length 0
03:43:21.616369 IP 10.x.x.x.59742 > 142.251.42.142.443: Flags [S], seq 1974345231, win 62727, options [mss 1240,sackOK,TS val 674609656 ecr 0,nop,wscale 6], length 0
03:43:23.696342 IP 10.x.x.x.59742 > 142.251.42.142.443: Flags [S], seq 1974345231, win 62727, options [mss 1240,sackOK,TS val 674611736 ecr 0,nop,wscale 6], length 0
Next, I sent a request to curl -4 -L -vvv https://google.com from the router (linux with warp running) and performed tcpdump. The source IP was replaced with 100.64/10, and it worked perfectly.
[ssm-user@ip-10-x-x-x ~]$ sudo tcpdump -i CloudflareWARP -nn dst host 142.250.196.142
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on CloudflareWARP, link-type RAW (Raw IP), snapshot length 262144 bytes
03:49:33.926823 IP 100.96.x.x.34904 > 142.250.196.142.443: Flags [S], seq 3579039339, win 64480, options [mss 1240,sackOK,TS val 3918743848 ecr 0,nop,wscale 6], length 0
03:49:33.941643 IP 142.250.196.142.443 > 100.96.x.x.34904: Flags [S.], seq 2785022168, ack 3579039340, win 65535, options [mss 1240,sackOK,TS val 573832228 ecr 3918743848,nop,wscale 13], length 0
03:49:33.941679 IP 100.96.x.x.34904 > 142.250.196.142.443: Flags [.], ack 1, win 1008, options [nop,nop,TS val 3918743863 ecr 573832228], length 0
03:49:33.947980 IP 100.96.x.x.34904 > 142.250.196.142.443: Flags [P.], seq 1:518, ack 1, win 1008, options [nop,nop,TS val 3918743869 ecr 573832228], length 517