When connecting using Zero Trust WARP on my Android, I can access devices on the defined private network. However, on my Mac when doing the same thing, the same IPs time out and show nothing.
Could you please visit https://cloudflare.com/cdn-cgi/trace while connected to WARP on your Mac and share the output?
Sure!
This is the output of that when my Mac is connected via WARP.
fl=138f27
h=cloudflare.com
ip=2a09:bac5:6239:569::8a:1b
ts=1684606364.267
visit_scheme=https
uag=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.48
colo=SMF
sliver=none
http=http/3
loc=US
tls=TLSv1.3
sni=plaintext
warp=plus
gateway=off
rbi=off
kex=X25519
And this is the same site on my Android phone via WARP:
fl=4f626
h=cloudflare.com
ip=2a09:bac1:76c0:28::4:272
ts=1684606436.553
visit_scheme=https
uag=Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Mobile Safari/537.36
colo=SJC
sliver=010-tier1
http=http/2
loc=US
tls=TLSv1.3
sni=plaintext
warp=plus
gateway=off
rbi=off
kex=X25519
I see that your Mac is connecting over HTTP/3, which uses UDP instead of TCP. Do you have UDP proxying enabled in your network settings?
I don’t have any proxy enabled in network settings.
On another note, when my router uses the same local IP range as is configured in Zero Trust (10.0.0.0/24), the Mac does not connect to the private devices (Android doesn't seem to mind this). However, when the router's local IP range is different (192.168.1.0/24) from the Zero Trust range (10.0.0.0/24), macOS allows me to connect. Could this be contributing to or caused by the HTTP/3 issue? Maybe there is some Mac setting that routes subnet routes internally rather than allowing Cloudflare to handle them or something? idk.
Oh I never enabled the firewall in zero trust.
If the proxy is not enabled in Zero Trust network settings, then connections will not be routed through the tunnel to your private network. I believe TCP proxy is enabled by default, but you have to manually enable UDP.
I enabled UDP under the proxy settings and it did not make any difference. I still believe it's because of the local subnet tbh, because when I change my router settings to use a completely different IP address space than Zero Trust, it works. Even on my Mac with HTTP/3.
For now, I simply moved the IP ranges for Zero Trust up by 65,536.
So 10.0.0.0/24 is now 10.1.0.0/24; this should prevent any IP overlap with the local routing tables when connecting (even though the local routing tables are not needed by me).
Thank you for the help Albert!
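The root cause the thread settles on is a route overlap: the router's LAN (10.0.0.0/24) and the Zero Trust private network route (10.0.0.0/24) are the same prefix, so the local interface route and the WARP tunnel route compete for the same destinations. The script below is an added example written for this thread, not Cloudflare code or anything from the WARP client. It parses the key=value output of cdn-cgi/trace (constructed from the lines posted above), checks the `warp` and `http` fields, and then tests a LAN prefix against the configured private routes for overlap, applying the same "shift up by 65,536 addresses" workaround the poster used (10.0.0.0/24 becomes 10.1.0.0/24). The route list and LAN prefixes are constructed sample values.

```python
import ipaddress
from ipaddress import IPv4Network

# Constructed sample: the Zero Trust private network route configured in the thread.
ZERO_TRUST_ROUTES = [IPv4Network("10.0.0.0/24")]

# Constructed sample: abbreviated trace output as posted for the Mac.
MAC_TRACE = """fl=138f27
h=cloudflare.com
ip=2a09:bac5:6239:569::8a:1b
colo=SMF
http=http/3
warp=plus
gateway=off
rbi=off
"""


def parse_trace(text):
    """Parse cdn-cgi/trace output (one key=value per line) into a dict.
    Lines without '=' are ignored rather than raising, since the page
    may occasionally add free-form lines."""
    fields = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def trace_summary(fields):
    """Return the facts the support engineer asked about: is WARP on,
    and is the browser speaking HTTP/3 (QUIC over UDP) or HTTP/1.x/2 (TCP)."""
    return {
        "warp_connected": fields.get("warp") in ("on", "plus"),
        "uses_udp": fields.get("http") == "http/3",
    }


def overlapping_routes(local_lans, tunnel_routes):
    """Return every (lan, route) pair whose address ranges overlap.
    Any overlap means the host's directly connected route and the tunnel
    route both claim those destinations, which is the symptom in the thread."""
    return [
        (lan, route)
        for lan in local_lans
        for route in tunnel_routes
        if lan.overlaps(route)
    ]


def shift_route(route, shift=65536):
    """Move a route up by `shift` addresses, keeping its prefix length.
    With the default 65536 (2**16), 10.0.0.0/24 becomes 10.1.0.0/24,
    matching the workaround described in the thread."""
    base = int(route.network_address) + shift
    return IPv4Network((base, route.prefixlen))


def check_overlap(lan_cidr, tunnel_routes=ZERO_TRUST_ROUTES):
    """Report whether a router LAN conflicts with the tunnel routes, and if so
    which shifted route would no longer conflict."""
    lan = IPv4Network(lan_cidr)
    conflicts = overlapping_routes([lan], tunnel_routes)
    if not conflicts:
        return {"lan": str(lan), "conflict": False, "suggested_routes": []}
    suggested = [str(shift_route(route)) for _, route in conflicts]
    # Make sure the suggestion itself does not collide with the LAN.
    assert not overlapping_routes([lan], [IPv4Network(s) for s in suggested])
    return {"lan": str(lan), "conflict": True, "suggested_routes": suggested}


if __name__ == "__main__":
    print(trace_summary(parse_trace(MAC_TRACE)))
    for lan in ("10.0.0.0/24", "192.168.1.0/24"):
        print(check_overlap(lan))
```

Run against the two LAN ranges from the thread, the first reports a conflict with a suggested route of 10.1.0.0/24 and the second reports none, which matches the poster's observation that the Mac only reached private devices once the router and Zero Trust ranges no longer overlapped.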