macOS localhost route deleted after disconnecting from WARP

macOS Clients lose ability to connect to localhost/127.0.0.1 after disconnecting from WARP.

When disconnecting from the WARP service an alias added by the WARP client persists on the loopback interface. The alias address is 192.0.2.2 on lo0.

This command will remove the alias from the loopback interface (lo0) and restore the routing table.

sudo ifconfig lo0 -alias 192.0.2.2

More information below:

When disconnecting from the WARP service an alias added by the WARP client persists on the loopback interface. The alias address is 192.0.2.2 on lo0.

Performed some tests while monitoring the routing table with the command route -n monitor

When disconnecting from WARP the following routes are removed from the loopback interface (lo0):

got message of size 124 on Mon Aug 23 21:42:46 2021
RTM_DELETE: Delete Route: len 124, pid: 0, seq 0, errno 0, flags:<HOST,LOCAL,CONDEMNED>
locks:  inits: 
sockaddrs: <DST,GATEWAY>
 127.0.0.1 127.0.0.1

got message of size 80 on Mon Aug 23 21:42:46 2021
RTM_DELADDR: address being removed from iface: len 80, metric 0, flags:<UP>
sockaddrs: <NETMASK,IFP,IFA,BRD>
 255.0.0.0 lo0 127.0.0.1 127.0.0.1

got message of size 124 on Mon Aug 23 21:10:36 2021
RTM_DELETE: Delete Route: len 124, pid: 0, seq 0, errno 0, flags:<HOST,LOCAL,CONDEMNED>
locks:  inits: 
sockaddrs: <DST,GATEWAY>
 192.0.2.2 192.0.2.2

got message of size 80 on Mon Aug 23 21:10:36 2021
RTM_DELADDR: address being removed from iface: len 80, metric 0, flags:<UP>
sockaddrs: <NETMASK,IFP,IFA,BRD>
 (0) 0 ffff ff lo0 192.0.2.2 192.0.2.2

When running netstat -nr after disconnecting from WARP I can confirm that the route to 127.0.0.1 on the loopback (lo0) interface is missing from the routing table.

The effect of this is that all traffic destined for 127.0.0.1 is sent to the default route after disconnecting from WARP. Output from route -n get 127.0.0.1 below:

route to: 127.0.0.1
destination: default
       mask: default
    gateway: 10.0.0.1
  interface: en0
      flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL>

Reconnecting to the WARP service restores the route to 127.0.0.1 as the route to 192.0.2.2 is restored.

A way to restore the route to 127.0.0.1 on the loopback interface after disconnecting from WARP is to remove the alias from the loopback interface after disconnecting. sudo ifconfig lo0 -alias 192.0.2.2

After removing the alias traffic destined for 127.0.0.1 is properly added back at the loopback interface. route -n get 127.0.0.1

route to: 127.0.0.1
destination: 127.0.0.1
interface: lo0
   flags: <UP,HOST,DONE,LOCAL>

I hope this helps anyone else experiencing this issue when disconnecting from the WARP service and trying to connect to development resources locally!

2 Likes

I’m suffering from this same issue. Also, it’s a negative impact on less techy users, since some apps become broken after disconnecting from VPN.

A slightly more persistent fix is to specify a manual route with:

sudo route add 127.0.0.1 -interface lo0

Although this will continue working when connecting and disconnecting from WARP, it does not survive a reboot.

The easiest way to get that manual route to re-established after reboot would be a launch daemon that runs at startup.

If you’re deploying the launch daemon “bandaid” to many systems don’t forget to delete the launch daemon after Cloudflare patches out this problem!

This seems to be resolved in the latest Warp client for macOS! (version 1.6.27.0)

Update through the client or install via the download here: https://cloudflarewarp.com

Let me know if that solves it for you!