Intelligent routing for alternating home LAN / road warrior scenario?

Using WARP as a VPN replacement:

  • tunnel connector running on a device in home LAN
  • home LAN route assigned to tunnel
  • WARP client default profile settings:
      • Service mode: either “Gateway with WARP” or “Secure Web Gateway without DNS Filtering”
      • Split tunnels: Include IPs and domains, add only the home LAN route
      • Auto connect: enabled

Expected behaviour:

  1. in WARP client, keep warp connected toggle always on
  2. when outside home LAN, route traffic to home route via warp
  3. when physically connected to home LAN, do NOT route traffic for home LAN via warp

Actual behaviour:

  1. & 2. work as expected
  3. The traffic going to other hosts in the LAN goes through WARP instead of directly via the LAN; the host running the tunnel connector is unreachable. In order to reach the LAN normally, the toggle in the WARP client must be turned off and auto connect must be disabled in the dashboard profile.

So, I can achieve the desired goal (access LAN when outside, access LAN when at home), but only by manually toggling the WARP client. However, my father is not that technical and he travels a lot between home and a secondary home. Using OpenVPN via a TCP port does what I want, but I’d like to migrate to Cloudflare WARP.

Is there any hope the WARP client can intelligently detect that the client is in the “home” LAN and only send DNS queries over WARP, but not route the LAN subnet via WARP when the laptop is at home?

This seems to already work when using the iOS Cloudflare One app, but not when using the macOS WARP client app.

Use Managed Networks…

@sjr, that looks a bit overcomplicated. Does the Wi-Fi exclusion list keep working after logging in to Zero Trust? The setting seems to be unavailable when the client is authenticated to Zero Trust, but reappears after logging out.