[Resolved] Warp-routing not working for AWS VPC

We have a private subnet on AWS 172.32.0.0/16.

We tried to use cloudflared to make our private subnet available via Warp. We followed this article: https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel

We have included the subnet IP range into the Warp split tunnel, and can see that on the client Warp app.

However, we cannot access the services within the private subnet.

  • we have checked routing table and made sure the AWS private subnet is included (and routed through warp’s utun interface)
  • we have tried to ssh to other EC2 instances on the instance (the one running cloudflared), it worked.
  • warp can access other sites via warp, the IP belongs to Cloudflare, and warp is on by checking the /cdn-cgi/trace

Hello,

  • Is this your first (and only) IP Route through Cloudflare?
  • Is your WARP enrolled Teams client in the same Cloudflare account as the Cloudflare Tunnel?
  • Is your Tunnel running with “warp-routing” property “enabled” in the YAML file?
  • Can you show the output of https://help.teams.cloudflare.com/ ?

Hi @nuno.diegues , appreciate your quick reply!

  1. Yes. it’s the only IP route through Cloudflare in the VPC and also in this Cloudflare team.
  2. Yes. It’s the same account.
  3. Yes. The property is added and can be confirmed through the log.
  4. The output is a little bit interesting…

The Warp desktop client is signed into the team (can confirm by the Team logo, the settings, also the split tunnel parameters); however, the https://help.teams.cloudflare.com page shows N/A in the Team name; also in the HTTP filtering, WARP is on, but Gateway proxy is off.

Do you think this might be the issue?

Best,

Ahh. It seems that I have missed this important configuration notice in the documentation:

Make sure HTTP traffic filtering is enabled. This lets Cloudflare proxy your private IP ranges to corresponding Cloudflare Tunnels.

Now that we have turned on HTTP traffic filtering, it’s working.

Sorry about that~ I should have read it more carefully.

Thanks!

3 Likes

Where does one enable HTTP traffic filtering?
I can’t seem to find it anywhere.

in Settings → Network → Firewall → Proxy (Enable)