Some devices lose internet when Cloudflare WARP is connected

I am trying to configure ZTNA. I have the tunnel set up and 4 out of 6 devices working as expected.

However, the other 2 devices lose all internet connectivity when the WARP client is connected. I lose remote access and the user loses internet.

On one of these devices I uninstalled/restarted/reinstalled WARP and the issue is not resolved. Does anyone have any clues what might be going on?



Are the two devices that are having issues on notably different private LAN IP ranges?

Sometimes configuration issues in the split tunnel settings can cause traffic destined to the local router to be sent down the WARP tunnel.

Alternatively, there may be a block on those devices to some required ports/IP addresses that WARP needs to function.

I have been experimenting with making a tool that can be used to check a warp-diag file for known issues on a user's local system:

You may find this helpful to assist in reviewing the logs after they have been generated:

Thank you for the links, I will check them out.

With split tunnelling I am only doing includes and including the Private Networks apps that we need access to.

The other two devices are installed on standard home LANs with an IP range that is different to the Private LAN they are tunnelling to, and not part of the Included IPs in split tunnelling.

FOUND: I just discovered that on one of the two devices that are having the issues, Cloudflare on the endpoint seems to be set to Exclude in the tunnelling. All other devices are Include. But I only have the one policy. How is it getting the wrong settings?

Not sure if it is a coincidence or not, but both devices that cannot connect are the same hardware: Lenovo ThinkPad E15. Is it possible there is some sort of hardware incompatibility?

There is no incompatibility that I am aware of, but if the deployment on that machine was made via MDM and there is a local XML file that contains config, this will override the remote profiles.

If you check the warp-settings.txt file in the warp diag log, you should see (local policy) in front of the split tunnel mode if this is the case.

If the settings file says (network) in front of the split tunnel list, it means it is pulled from the orchestration API.