No access to private network through tunnel using WARP

Hello,
I started looking into tunnels since I was put behind CGNAT by my ISP.
I managed to create the HTTP tunnel and made it work with a public hostname. I was able to connect to my web server on the Raspberry Pi.
As I want to connect to all other devices and services (Windows shared folder, Samba server…) I tried to create a private network tunnel and use WARP, basically as a VPN, but I cannot make it work.

I am using WARP for Android and am connected to the team. I have internet access while connected.
The tunnel is active and the connector is connected.
The tunnel is configured to private network 192.168.1.0/24.
My home router is 192.168.1.1 and the connector (RPI) is 192.168.1.14
Proxy is enabled and split tunnels do not include anything starting with 192.
cert.pem is installed on the phone.
Here is the trace result:

fl=114f222
h=www.cloudflare.com
ip=my real public IP
ts=1660134984.236
visit_scheme=https
uag=Mozilla/5.0 (Linux; Android 9; Lenovo L78011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.134 Mobile Safari/537.36 OPR/70.3.3653.66287
colo=VIE
sliver=none
http=http/2
loc=RS
tls=TLSv1.3
sni=plaintext
warp=on
gateway=on

I am trying two different things to confirm the tunnel works.

  1. connect to the AdGuard web server at 192.168.1.14:port
  2. connect to the SMB share, also on 192.168.1.14. This share is already configured in Solid Explorer.

When in the local network (home wifi) I can use both.
I tried to connect from my work wifi (same local IP range) and mobile network.

Really not sure how to troubleshoot it anymore so any help is appreciated.
Thanks.
Danko

Hello,

Did you enable Proxy? (Settings->Network->Proxy). Note that sometimes it takes a few hours to work after activation.

Yes, proxy is enabled.
I have just tried it again based on the few hours part of your suggestion, but it is still not working.

Hello,

The tunnel is configured to private network 192.168.1.0/24.

Does this mean you added the network segment to your tunnel by running “cloudflared tunnel route ip add 192.168.1.0/24”?

Proxy is enabled and split tunnels do not include anything starting with 192.

Split tunnels mode is Exclude?

Yes to both.
My tunnel is configured via GUI over the web interface, but just to be sure, I did one locally as well via CLI.
“cloudflared tunnel route ip show” does show 192.168.1.0/24

Just updated to the new version of cloudflared, restarted the service, and still no luck.
I have also checked the logs on the dashboard and all entries say “allow”

I also tried installing cloudflared on the PC (win10). The connector was active and again, no connection to local stuff.
I still have to try WARP on the Windows machine, but I did try it on a friend’s phone with a different service carrier.

Maybe check your network log in the Cloudflare Teams dashboard for the destination IP.

Destination IP definitely has nothing to do with my home IP.
Logging in the network section does stop if I don’t do anything and then entries will appear (after 30sec or so) if I try to access my network.
Trying to get to the web server from the Opera browser, the destination is some Chinese or HK address. Trying to connect to the NAS through the explorer app, I get the Austrian (AT) destination IP.

I had this working previously but now it’s stopped.

I have the same setup as the original poster but used IP range 192.168.0.0/16 as the public network configured on the zero trust dashboard.

I excluded 192.168.0.0/16 from the split tunnel

I could then access all local network when the warp client was running on Android on a different internet connection.

It no longer works for me now; I get err connection timed out in Chrome for local HTTP services on 192.168.1…

Can anyone confirm if local access is working for them?

I have just tried it on my Android. I joined my Zero Trust organization and after authentication I was able to hit my 172.16 network without issues.

I would suggest you check the cloudflared logs to see if there are any tips.

Hi, Thank you for checking

I have resolved my issue by going into Settings -> Advanced -> Reset security keys in the WARP app.

I then gained access again.


Thank you for sharing the solution!


Thanks for the tip, but resetting security keys did not help either.
I can’t seem to find anything in the logs and I am not even sure what I am looking for in it.

Just to bump this thread a little.
I did not give up but still had no success with it.
I spent a little more time with the logs and found out that the phone’s connection attempt does not register in the logs at all. Or, the phone doesn’t even try to connect to the home server at all.
What I do get in the logs is the IP for “https://www.cloudflare.com/cdn-cgi/trace” and then a few entries for the IP of “tools.3g.qq.com”, which is some Android check thingy.
Internet does work and visiting a page does also show a log entry.
So it is like WARP is refusing local services.

Sorry for the double post.
Being the genius that I am, I just tried to switch the split tunnel from exclude to include and I have added 192.168.1.0/24 and it works great.
Just to clarify, I did previously delete this network from exclude split tunnels. All the documentation I have found indicated this was enough. Not sure if it has something to do with my phone, home network, or whatever.
You can now close the thread as solved.
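
Added example, not part of any post in this thread and not Cloudflare's code: a small Python check of the three settings the thread keeps returning to (split tunnel mode and entries, the tunnel's routed CIDR, and the client's current LAN) against the documented Exclude/Include semantics. The function names, the sample lists and the LAN-overlap check are assumptions made for illustration; it models configuration only and does not explain why Exclude mode failed on the poster's phone.

```python
import ipaddress

BYPASS = "split tunnel sends destination outside WARP"
NO_ROUTE = "no tunnel route covers destination"
LAN_OVERLAP = "client's current LAN overlaps destination"

def routed_via_warp(dest, mode, entries):
    """Exclude: everything except the entries goes through WARP.
    Include: only the entries go through WARP."""
    ip = ipaddress.ip_address(dest)
    matched = any(ip in ipaddress.ip_network(e) for e in entries)
    if mode == "exclude":
        return not matched
    if mode == "include":
        return matched
    raise ValueError(f"unknown split tunnel mode: {mode!r}")

def diagnose(dest, mode, entries, tunnel_routes, client_lan=None):
    """Return configuration findings that would keep `dest` from being
    reached through the tunnel; an empty list means the config looks right."""
    ip = ipaddress.ip_address(dest)
    findings = []
    if not routed_via_warp(dest, mode, entries):
        findings.append(BYPASS)
    if not any(ip in ipaddress.ip_network(r) for r in tunnel_routes):
        findings.append(NO_ROUTE)
    # Assumption: a directly connected LAN with the same range (the "work
    # wifi, same local IP range" case) can win over the tunnel route.
    if client_lan and ip in ipaddress.ip_network(client_lan):
        findings.append(LAN_OVERLAP)
    return findings

# Constructed sample values, using the addresses quoted in the thread.
DEST = "192.168.1.14"
ROUTES = ["192.168.1.0/24"]
EXCLUDE_WITH_192 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
EXCLUDE_WITHOUT_192 = ["10.0.0.0/8", "172.16.0.0/12"]
INCLUDE_HOME = ["192.168.1.0/24"]

if __name__ == "__main__":
    cases = {
        "exclude, 192.168/16 still listed": ("exclude", EXCLUDE_WITH_192, None),
        "exclude, 192 entries removed": ("exclude", EXCLUDE_WITHOUT_192, None),
        "exclude, on a 192.168.1.0/24 wifi": ("exclude", EXCLUDE_WITHOUT_192, "192.168.1.0/24"),
        "include 192.168.1.0/24": ("include", INCLUDE_HOME, None),
    }
    for name, (mode, entries, lan) in cases.items():
        print(f"{name}: {diagnose(DEST, mode, entries, ROUTES, lan) or 'ok'}")
```

Both the Exclude list without 192 entries and the Include list with 192.168.1.0/24 come out clean here, which matches the poster's reading of the documentation; when only one of them works in practice, the profile the client actually received is the next thing to compare.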
