We have a private subnet on AWS 22.214.171.124/16.
We tried to use cloudflared to make our private subnet available via Warp. We followed this article: https://developers.cloudflare.com/cloudflare-one/tutorials/warp-to-tunnel
We have included the subnet IP range into the Warp split tunnel, and can see that on the client Warp app.
However, we cannot access the services within the private subnet.
- we have checked the routing table and made sure the AWS private subnet is included (and routed through WARP’s utun interface)
- we have tried to ssh to other EC2 instances on the instance (the one running cloudflared), it worked.
- WARP can access other sites, the IP belongs to Cloudflare, and WARP is on, as confirmed by checking /cdn-cgi/trace
Hi @nuno.diegues, appreciate your quick reply!
- Yes. It’s the only IP route through Cloudflare in the VPC and also in this Cloudflare team.
- Yes. It’s the same account.
- Yes. The property is added and can be confirmed through the log.
- The output is a little bit interesting…
The WARP desktop client is signed into the team (can confirm by the Team logo, the settings, also the split tunnel parameters); however, the https://help.teams.cloudflare.com page shows N/A in the Team name; also, WARP is on, but Gateway proxy is off.
Do you think this might be the issue?
Ahh. It seems that I have missed this important configuration notice in the documentation:
Make sure HTTP traffic filtering is enabled. This lets Cloudflare proxy your private IP ranges to corresponding Cloudflare Tunnels.
Now that we have turned on HTTP traffic filtering, it’s working.
Sorry about that~ I should have read it more carefully.
Where does one enable HTTP traffic filtering?
I can’t seem to find it anywhere.
in Settings → Network → Firewall → Proxy (Enable)
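
The state diagnosed in this thread (WARP on, Gateway proxy off) can be checked from a client with a small script. This is an added example, not part of the original posts; it assumes the `gateway=` line of `/cdn-cgi/trace` reflects the same state as the "Gateway proxy" line on the help page, and the sample trace text is constructed.

```shell
#!/bin/sh
# Added example: classify WARP / Gateway state from /cdn-cgi/trace output.
# Assumption: gateway=on in the trace corresponds to "Gateway proxy: on".

# trace_field KEY: read key=value lines on stdin, print the value of KEY.
trace_field() {
    awk -F= -v k="$1" '$1 == k { print $2; exit }'
}

# diagnose_trace: read trace text on stdin, print one verdict:
#   warp-off   client traffic is not going through WARP at all
#   proxy-off  WARP is on but Gateway is not proxying (the state in this
#              thread; private ranges will not reach the tunnel)
#   ok         WARP on and Gateway proxying
diagnose_trace() {
    trace=$(cat)
    warp=$(printf '%s\n' "$trace" | trace_field warp)
    gateway=$(printf '%s\n' "$trace" | trace_field gateway)
    case "$warp" in
        on|plus) ;;                      # plus = WARP+ subscription
        *) echo "warp-off"; return 0 ;;
    esac
    if [ "$gateway" = "on" ]; then
        echo "ok"
    else
        echo "proxy-off"
    fi
}

# Constructed sample traces (trimmed to the relevant keys).
SAMPLE_BEFORE='ip=203.0.113.10
visit_scheme=https
warp=on
gateway=off'

SAMPLE_AFTER='ip=203.0.113.10
visit_scheme=https
warp=on
gateway=on'

printf 'before fix: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | diagnose_trace)"
printf 'after fix:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | diagnose_trace)"

# Live check from a WARP client:
#   curl -s https://www.cloudflare.com/cdn-cgi/trace | diagnose_trace
```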