I have configured a managed network in my WARP profiles to toggle the WARP client from “Gateway with WARP” into “Proxy mode” whenever I get back home onto my local WiFi, as it is useless to forward all local traffic connections via the Cloudflare gateway when everything can be accessed on the local network directly.
My MacBook is fine with this and will switch to proxy mode whenever (mostly) I connect to my local WiFi and will switch back to “Gateway with WARP” mode when I’m not on my local network.
On iOS however, it doesn’t work at all.
I can see that the iOS client connects to my webserver to verify the SHA-256 fingerprint of the SSL certificate when I join my local WiFi, but then it doesn’t actually switch to proxy mode. It just stays in gateway mode and will hence forward all my local traffic to the Cloudflare gateway only to then come back in via the Cloudflare tunnel, which is a really unnecessary detour on a local network.
Has anyone gotten this to work semi-reliably on iOS? Currently the zero trust thing is rather useless on iOS if I can’t get it to reliably drop the WARP connection when joining the local WiFi network. This was working much better when we still had the trusted WiFi networks option where it would just turn off the connection when on the WiFi, before that was replaced with the flaky TLS certificate checksum verification. That may be more secure, but it really only helps if it actually worked.