[Tutorial] How to use Cloudflare WARP on your Mac

Thank you so much for creating Cloudflare WARP! I enjoy using it on my phone and I’m very excited about the technology behind it and all the potential it offers for upgrading existing routing and speed. I finally have an IPv6 address after all these years :slight_smile:

I was looking for a way to make Cloudflare WARP work on my Mac as well and wanted to share my experience.

This step-by-step video tutorial will guide you through the procedure of installing WireGuard and Cloudflare WARP on your Mac:

Use Cloudflare WARP on your Mac - https://www.youtube.com/watch?v=eeHO5NZGkBI

Here are the setps:

  1. Download the official WireGuard app from the Mac App Store:
    ‎WireGuard on the Mac App Store

  2. Open the App, Click on the + symbol on the bottom left corner and choose “Add Empty Tunnel…”

  3. On the new window, the app will generate new Private key and Public key. Keep this window open for the time being.

  4. Download the wgcf.py file from here (credit goes to its original creators):
    https://github.com/161134050/cloudflare-warp-wireguard-client/blob/master/wgcf.py

  5. Go to the Online Pyton Compiler website:
    Python Online Compiler & Interpreter - Replit

  6. Copy the contents from the wgcf.py file, paste it on the Online Pyton Compiler website and click on “Run” from the top menu.

  7. The Pyton script will ask for the Public and Private keys generated on the WireGuard app. Simply copy and paste them from the app when requested.

  8. When the Pyton script completes, it will create a new Cloudflare WARP account and will save the config info in a file called “wgcf-profile.conf”. Copy the contents from the “wgcf-profile.conf” file on the website and paste them inside the WireGuard app window (replacing the existing text).

  9. Finally, name the connection “Cloudflare WARP” (or whatever you like) and click on “Save”.

  10. Click on “Activate” inside the WireGuard app to connect your Mac to the Cloudflare WARP service.

That’s it!

If you already have a WARP or WARP+ account on your phone, you can also get the Public and Private keys from there (and skip the steps 4-7). However, the procedure might be more complex and could require access to your phone Backup files.

Alternatively, there is now also a standalone version of the script that doesn’t require Python. The procedure to run it is different, and you can find more details about it here:
https://github.com/ViRb3/wgcf

3 Likes

So I’m not saying don’t do it, because a. It’s the internet and b. I can’t even get my dog to do what I say… but I do want to just point out this is technically not supported today.

Will it work? Almost certainly. Will it always work? Unclear. Will we triage bug reports for desktop issues? Probably, but the disposition will likely be to close the report.

As long as you are not looking for new and exciting ways to abuse the ■■■■ out of our services (maliciously… if you are doing research then cool beans) then I doubt we really care (disclaimer… opinion is my own but the people who might care are really really busy with more important things so if you don’t make them notice you I am not going to either).

Seriously @cloonan I can’t say ■■■■? But I bet I can use the emoji… :poop:

Why must you always stifle my desire for engaging discourse?

3 Likes

Thank you so much for the reply!

I know what you mean. I really hope it will be received in the good spirit in which it is intended, to try out cool technology.

Looking forward for the official Desktop WARP app, this is only a workaround for people like me in the meantime.

I’m sure you can detect the device type initiating the connection and segregate if needed.

However, if it causes any issues (or if needs to be removed for any reason), please let me know and I would remove it right away.

thanks a lot, works like a charm!

the only thing - the main.py file is now called wgcf.py

2 Likes

Glad to hear that and thank you so much for the update!

I’ve edited the original post and applied the changes you’ve suggested. The file is now wgcf.py

1 Like

Nice bit of python!
Looks like the api endpoint might have changed?

requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://api.cloudflareclient.com/v0a769/reg

Thank you for your comment! Credit for the python script goes to its original creator on github.

Yes, I’ve just checked and it seems the API endpoint is unreachable at the moment. Could be just temporary or, hopefully, they are preparing to release the official app, so this would no longer be needed.

hey
when i connect to warp.conf in wireguard i can’t brows any webpage but i can access to telegram desktop
it has not any problem but suddenly happened
why it got like this and how should i fix it
i tried everything
please help me i’m desperate

Thank you for your comment and I’m sorry to hear that.

Warp does seem to be working properly. Perhaps you might want to check if your ISP is blocking Cloudflare or any other connections locally.

1 Like

The Github link is broken… I found this medium article and it worked.

Hey Vladimir, I have been using Cloudflare Warp with Wireguard on my Mac for a few months now and It works “GREAT”.
Thanks for sharing :slight_smile:
I also wanted to recommend Cloudflare for Teams (Gateway) if you are looking for speed, reliability, and protection. For more info: Introducing Cloudflare for Teams

Cheers,
Mario

1 Like

The Github repository was archived as the Developer moved to Go from Python.
The same link is cloudflare-warp-wireguard-client/wgcf.py at master · ViRb3/cloudflare-warp-wireguard-client · GitHub

Although the Medium article seems easier and streamlined.
Thanks for the link.

1 Like

A cool side effect is US Netflix… not sure if this will exist forever though :stuck_out_tongue:

Update: Cloudflare now has an official beta app for macOS:

You can download the official Cloudflare beta app for macOS from here:
https://1.1.1.1/beta/

or from
https://1.1.1.1/Cloudflare%201.1.1.1%20macOS.zip

With reference to the blog post, Cloudflare extended the WireGuard protocol to allow WARP identify the WireGuard session by adding a clientid into the WireGuard header.

I think using other WireGuard to connect to WARP may have some problem on load balancing.