Scenario: To access a private network using WARP and Tunnel, I need the Split Tunnel to exclude all private IP addresses, but include the Tunnel segment that needs to go through WARP, e.g. 10.0.42.0/24.
Currently, the document suggests:
To configure Split Tunnels for private network access:
- First, check whether your Split Tunnels mode is set to Exclude or Include mode.
- If you are using Include mode, add your network’s IP/CIDR range to the list.
- If you are using Exclude mode:
  - Delete your network’s IP/CIDR range from the list. For example, if your network uses the default AWS range of 172.31.0.0/16, delete 172.16.0.0/12.
  - Re-add IP/CIDR ranges that are not explicitly used by your private network. For the AWS example above, you would add new entries for 172.16.0.0/13, 172.24.0.0/14, 172.28.0.0/15, and 172.30.0.0/16. This ensures that only traffic to 172.31.0.0/16 routes through WARP.
By tightening the private IP range included in WARP, you reduce the risk of breaking a user’s access to local resources.
https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/private-net/connect-private-networks/#3-route-private-network-ips-through-warp
So to exclude 10.0.42.0/24, we remove the segment from 10.0.0.0/8:
- 10.0.0.0/8
+ 10.0.0.0/19
+ 10.0.32.0/21
+ 10.0.40.0/23
+ 10.0.43.0/24
+ 10.0.44.0/22
+ 10.0.48.0/20
+ 10.0.64.0/18
+ 10.0.128.0/17
+ 10.1.0.0/16
+ 10.2.0.0/15
+ 10.4.0.0/14
+ 10.8.0.0/13
+ 10.16.0.0/12
+ 10.32.0.0/11
+ 10.64.0.0/10
+ 10.128.0.0/9
100.64.0.0/10
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.168.0.0/16
224.0.0.0/24
240.0.0.0/4
255.255.255.255/32
This is very tedious. If multiple tunnels need configuration, it becomes a nightmare.