Public IP through WARP/Teams client

Hey guys,

Here is something that really confuses me. When I am connected through CF Gateway, using the WARP client, when I go to a website like or, I can see my actual, local public IP. Shouldn’t I be seeing whatever public IP I have assigned on my WARP interface?

What kind of magic sauce is at play here?

Note: I am using full HTTP tunneling through WARP, not just DNS.

This is not a VPN. If you access Cloudflare websites, they will see your real actual public IP, no hide/different IPs.

But if you access non-Cloudflare websites, they will instead see Cloudflare’s IP.

This is by design since the beginning of WARP.

Just to clarify, technically Cloudflare WARP is still a VPN based on the WireGuard protocol, it’s just that it works a bit differently than other VPN providers.

Yes, I mean the definition of “VPN” is to bypass geo-locked content, be other countries, spoof IPs, etc.

Tell that to all corporate users :wink:

A VPN is a technology to join another network and - as @erictung already said - that is exactly what WARP does. The obfuscation of the client address is just a marketing gimmick companies are trying to sell you. It’s a misconception just like when people refer to traffic as bandwidth.

I know it’s not a VPN in the sense of things like NordVPN. That wasn’t my question. I am just trying to understand what magic applies when my “real” IP is seen through WARP, because obviously, Cloudflare is not routing our IPs. If a website sees our real IP when connected through WARP, the website would send its response packets to the real IP, which would mean return traffic is not routed through WARP.

Would love if a CF team member could shed some light on this. Or someone who knows what I am talking about.

When you are connected to WARP, you are connected to the Cloudflare edge network. If the website you are accessing is also using Cloudflare, that means the website is on the Cloudflare edge network too.

Since you are connected to the Cloudflare edge network, Cloudflare can immediately serve website contents that are already on the Cloudflare network, without extra routing to the other network.

Because the packet stays inside the Cloudflare edge network, Cloudflare will just pass your real IP directly to the Cloudflare-proxied website that you are accessing.

Simple, they send X-Forwarded-For and CF-Connecting-IP headers. No fancy stuff.

Thanks guys. I am still trying to wrap my head around this, though. I am a network engineer, maybe I am thinking too much in terms of routing, NAT, etc.

I can see how an X-Forwarded-For header would work, if the responding website is actually reading and using that header. But what about other, non-HTTP traffic?

Some of these “what is my IP” sites are reporting my real address, others are reporting a Cloudflare address, so it’s not even consistent.

Most of the time Cloudflare is just an HTTP proxy, so any non-HTTP traffic will just exit from the Cloudflare network and reach the server directly.

True. Some of them are using Cloudflare as their CDN.

Alright. I think it’s starting to “click” in my head and make sense. Thanks for all the input, everyone.

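The behaviour the replies describe, seen from the origin server's side, as an added example that is not part of the original thread: an origin reports the header-supplied address only when the TCP peer is its trusted proxy, and otherwise reports the peer itself, which is why "what is my IP" sites disagree. The function name and all addresses are assumptions; the ranges are documentation prefixes standing in for real edge, egress and client addresses.

```python
import ipaddress

# Constructed stand-in for the proxy's published edge ranges (a documentation
# prefix, NOT a real Cloudflare range); a real origin loads the published list.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def reported_client_ip(peer_ip, headers, trusted_nets=TRUSTED_PROXY_NETS):
    """Return the address a "what is my IP" page would display.

    peer_ip -- source address of the TCP connection reaching the origin
    headers -- request headers as a dict (names matched case-insensitively)
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted_nets):
        # Not from the proxy: headers are client-controlled, so ignore them.
        return str(peer)
    hdrs = {k.lower(): v.strip() for k, v in headers.items()}
    candidate = hdrs.get("cf-connecting-ip")
    if not candidate and hdrs.get("x-forwarded-for"):
        # The rightmost entry is the one appended by the trusted proxy.
        candidate = hdrs["x-forwarded-for"].split(",")[-1].strip()
    if not candidate:
        return str(peer)
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return str(peer)  # malformed header: fall back to the peer address


def demo():
    """Three constructed requests; 203.0.113.7 plays the user's real IP."""
    return {
        # Site behind the proxy: the edge connects and passes the real IP.
        "proxied_site": reported_client_ip(
            "198.51.100.20", {"CF-Connecting-IP": "203.0.113.7"}),
        # Site not behind the proxy: it only sees the tunnel's egress address.
        "direct_site": reported_client_ip("192.0.2.50", {}),
        # Untrusted peer sending the header itself: the header is ignored.
        "forged_header": reported_client_ip(
            "192.0.2.99", {"CF-Connecting-IP": "203.0.113.7"}),
    }


if __name__ == "__main__":
    for case, ip in demo().items():
        print(f"{case:14} -> {ip}")
```

The forged-header case is the reason an origin should pin header trust to the proxy's source ranges rather than accepting `X-Forwarded-For` from any peer.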