When connecting using Zero Trust WARP on my Android, I can access devices on the defined private network. However, on my Mac when doing the same thing, the same IPs time out and show nothing.
Could you please visit https://cloudflare.com/cdn-cgi/trace while connected to WARP on your Mac and share the output?
This is the output of that when my Mac is connected via WARP.
fl=138f27
h=cloudflare.com
ip=2a09:bac5:6239:569::8a:1b
ts=1684606364.267
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/188.8.131.52 Safari/537.36 Edg/112.0.1722.48
colo=SMF
sliver=none
http=http/3
loc=US
tls=TLSv1.3
sni=plaintext
warp=plus
gateway=off
rbi=off
kex=X25519
and this is the same site on my Android phone via WARP
fl=4f626
h=cloudflare.com
ip=2a09:bac1:76c0:28::4:272
ts=1684606436.553
visit_scheme=https
uag=Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/184.108.40.206 Mobile Safari/537.36
colo=SJC
sliver=010-tier1
http=http/2
loc=US
tls=TLSv1.3
sni=plaintext
warp=plus
gateway=off
rbi=off
kex=X25519
I see that your Mac is connecting over HTTP/3, which uses UDP instead of TCP. Do you have UDP proxying enabled in your network settings?
I don’t have any proxy enabled in network settings.
On another note, when my router uses the same local IP range as is configured in Zero Trust (10.0.0.0/24), the Mac does not connect to the private devices (Android doesn’t seem to mind this). However, when the router’s local IP range is different (192.168.1.0/24) than the Zero Trust range (10.0.0.0/24), macOS allows me to connect. Could this be contributing to or caused by the HTTP/3 issue? Maybe there is some Mac setting that routes subnet routes internally rather than allowing Cloudflare to handle them or something? idk.
Oh, I never enabled the firewall in Zero Trust.
If the proxy is not enabled in Zero Trust network settings, then connections will not be routed through the tunnel to your private network. I believe TCP proxy is enabled by default, but you have to manually enable UDP.
I enabled UDP under the proxy settings and it did not make any difference. I still believe it’s because of the local subnet tbh, because when I change my router settings to use a completely different IP address space than Zero Trust, it works. Even on my Mac with HTTP/3.
For now, I simply moved the IP ranges for Zero Trust up by 65,536.
So 10.0.0.0/24 is now 10.1.0.0/24. This should prevent any IP overlap with the local routing tables when connecting (even though the local routing tables are not needed by me).
Thank you for the help Albert!
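The overlap the thread settles on can be checked before assigning a private-network range. The following Python sketch is an added example, not code from the thread or from Cloudflare; the CIDRs are the ones quoted above, and the function names are hypothetical.

```python
import ipaddress


def find_conflicts(local_nets, tunnel_nets):
    """Return (local, tunnel) CIDR pairs whose address ranges overlap."""
    conflicts = []
    for loc in map(ipaddress.ip_network, local_nets):
        for tun in map(ipaddress.ip_network, tunnel_nets):
            # overlaps() is only meaningful within one IP version
            if loc.version == tun.version and loc.overlaps(tun):
                conflicts.append((str(loc), str(tun)))
    return conflicts


def shift(cidr, offset):
    """Move a network up by `offset` addresses, keeping its prefix length."""
    net = ipaddress.ip_network(cidr)
    return str(ipaddress.ip_network(f"{net.network_address + offset}/{net.prefixlen}"))


def first_free_block(parent, prefixlen, in_use):
    """First block of size /prefixlen inside `parent` that overlaps nothing in `in_use`."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for cand in ipaddress.ip_network(parent).subnets(new_prefix=prefixlen):
        if not any(u.version == cand.version and cand.overlaps(u) for u in used):
            return str(cand)
    return None


if __name__ == "__main__":
    # Ranges taken from the thread; 10.0.0.0/16 is a constructed extra case.
    lans = ["10.0.0.0/24", "192.168.1.0/24", "10.0.0.0/16"]
    original_tunnel = "10.0.0.0/24"
    moved_tunnel = shift(original_tunnel, 65536)  # the "up by 65,536" move

    for lan in lans:
        for tunnel in (original_tunnel, moved_tunnel):
            hit = find_conflicts([lan], [tunnel])
            state = "OVERLAP" if hit else "ok"
            print(f"LAN {lan:<16} tunnel {tunnel:<12} {state}")

    print("first free /24 in 10.0.0.0/8:",
          first_free_block("10.0.0.0/8", 24, ["10.0.0.0/24", "10.0.0.0/16"]))
```

A LAN wider than /24 (the constructed 10.0.0.0/16 case) also covers part of the 10.x space, so checking for overlap rather than equality matters when picking the replacement range.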