Site-to-Site Connectivity issue with WARP Connector - Can't Ping Between Sites

Hi Cloudflare Community,

We are attempting to set up site-to-site connectivity using the WARP connector as per the documentation here.

The WARP tunnels are registered properly, but we are unable to ping or reach one site from the other. Additionally, there are no logs appearing on the dashboard to help diagnose the issue.

Could anyone provide any insights or share example configurations that might help us identify the root cause of this problem?

Thank you for your assistance!

Site A

[rocky@warp-a ~]$ warp-cli status
Status update: Connected
Success
[rocky@warp-a ~]$ 

[rocky@warp-a ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8942 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:33:dc:b4 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 192.168.0.58/24 brd 192.168.0.255 scope global dynamic noprefixroute eth0
       valid_lft 39755sec preferred_lft 39755sec
    inet6 fe80::f816:3eff:fe33:dcb4/64 scope link 
       valid_lft forever preferred_lft forever
7: CloudflareWARP: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc mq state UNKNOWN group default qlen 500
    link/none 
    inet 100.96.0.1/32 scope global CloudflareWARP
       valid_lft forever preferred_lft forever
    inet6 2606:4700:110:8fdf:d3b:644b:a65e:e1e3/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::3569:72e:9338:84e4/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
[rocky@warp-a ~]$ ip route
default via 192.168.0.1 dev eth0 proto dhcp src 192.168.0.58 metric 100 
172.16.1.0/24 via 100.96.0.3 dev CloudflareWARP 
172.161.0.0/24 dev CloudflareWARP scope link 
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.58 metric 100 

Site B

[rocky@warp-b ~]$ warp-cli status
Status update: Connected
Success
[rocky@warp-b ~]$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8942 qdisc fq_codel state UP group default qlen 1000
    link/ether fa:16:3e:56:36:c7 brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 172.16.1.11/24 brd 172.16.1.255 scope global dynamic noprefixroute eth0
       valid_lft 39609sec preferred_lft 39609sec
    inet6 fe80::f816:3eff:fe56:36c7/64 scope link 
       valid_lft forever preferred_lft forever
9: CloudflareWARP: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc mq state UNKNOWN group default qlen 500
    link/none 
    inet 100.96.0.3/32 scope global CloudflareWARP
       valid_lft forever preferred_lft forever
    inet6 2606:4700:110:8c6f:46af:225e:52f7:e150/128 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::dd67:6fcb:715d:53f/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
[rocky@warp-b ~]$ ip route
default via 172.16.1.1 dev eth0 proto dhcp src 172.16.1.11 metric 100 
172.16.1.0/24 dev eth0 proto kernel scope link src 172.16.1.11 metric 100 
192.168.0.0/24 via 100.96.0.1 dev CloudflareWARP 
[rocky@warp-b ~]$ 

I was just working on this today for the first time. I got connectivity working across two sites, though connectivity to and from the connectors themselves isn’t working for me right now.

Make sure you have enabled IP forwarding on both connectors, there’s also some IP tables rules referenced in Set up WARP Connector · Cloudflare Zero Trust docs

Ensure the networks you’re trying to route to are not exempt for split tunnelling. Ensure you’re testing from devices in the network to the connectors, rather than from the connectors themselves.

I have tested with the connector as the default gateway, but also with a different default gateway pointing routes at the WARP connector. There’s also a setting to allow TCP, UDP and ICMP over the warp to warp connectivity you might need to enable.

All that might sound like rambling, but I am still working bits out myself. Hope it helps.

Were you able to figure out the site to site?