In my work I use two servers which are located in different places in the local networks. They are not accessible to the Internet except for a few approved web applications, and I access the server control panel by typing into my browser the address of that server, e.g. 192.168.88.111.
I use wireguard VPN tunnels to access these two networks. They connect and I get access to the whole subnet (e.g. 192.168.88.1/24). I was wondering if I could use cloudflare for teams (CFT) to replace wireguard so that I can access my server transparently from anywhere with internet access simply by typing in the server address (like h[tt]p://192.168.88.111) or connecting to it via SSH.
I have WARP on my phone and computer all the time because I’m worried about my traffic, and I like the option described above since I wouldn’t have to worry about multiple VPN applications anymore.
From what I understand, this can even be done as part of the free CFT plan, but the problem is that I don’t understand exactly what I have to do in the cloudflare control panel to get multiple devices into a single network. I have created an organization in CFT, and logged into it on my client devices using the WARP client, but I still don’t understand what I need to do on the server to make it accessible from the client devices.
I’ve attached a picture below that depicts what the overall operation of this system should look like. There are WARP clients running on the devices, which proxy all traffic from these devices to prevent the operator/provider/owner of the wifi router from having access to my traffic, as well as to bypass some restrictions on access to Internet resources in my country. But at the same time, these WARP clients connect my devices to my servers located in private networks.
As far as I understand, what I want is described in this section: h[tt]ps://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net
I do not understand how to make this solution work. At the moment I have done the following:
1) Added a website to cloudflare (h[tt]ps://support.cloudflare.com/hc/en-us/articles/201720164-Creating-a-Cloudflare-account-and-adding-a-website), including moving the name servers (h[tt]ps://support.cloudflare.com/hc/en-us/articles/205195708)
2) Installed cloudflared (h[tt]ps://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/installation) on a server on your local network.
3) Enabled the “Argo” switch under “traffic” in the site control panel.
4) Performed “cloudflared tunnel login” successfully, authorizing cloudflared for my site.
5) Executed “cloudflared tunnel create”.
6) Executed “cloudflared tunnel route ip add 192.168.88.0/24”, where 192.168.88.0 is my home subnet. For example, the router is 192.168.88.1 and the server is 192.168.88.111.
7) Executed “cloudflared tunnel route ip show”, and got the following:

```
$ cloudflared tunnel route ip show
NETWORK          COMMENT  TUNNEL ID                             TUNNEL NAME  CREATED               DELETED
192.168.88.0/24           72d62d91-7879-479b-a38e-ab4dafd33dcc  farewell-vm  2021-03-22T22:02:28Z  -
```
8) Did “cloudflared tunnel route ip get 192.168.88.111”, where 192.168.88.111 is my server on my home network. According to the h[tt]ps://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/create-tunnel documentation page, this command checks if the route matches the address. The output is the following:

```
NETWORK          COMMENT  TUNNEL ID                             TUNNEL NAME  CREATED               DELETED
192.168.88.0/24           72d62d91-7879-479b-a38e-ab4dafd33dcc  farewell-vm  2021-03-22T22:02:28Z
```
Which, as I understand it, shows that this IP is properly routed to this tunnel.
9) Created a configuration file (etc/cloudflared/config.yml) and wrote the following into it:

```yaml
tunnel: xxxxxx-xxx-xxx-xxx
credentials-file: /etc/cloudflared/xxxxx-xxx-xxx.json
warp-routing:
  enabled: true
```
10) Started the tunnel as a service (h[tt]ps://developers.cloudflare.com/cloudflare-one/connections/connect-apps/run-tunnel/run-as-service)
11) Logged into CFT on my mobile devices in the account corresponding to the organization (logged in through the email corresponding to the site above), and I see these devices in the appropriate sections of the team at h[tt]ps://dash.teams.cloudflare.com/
But after all this, I still can’t access from my devices running WARP to 192.168.88.0/24. What did I do wrong?
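As an added example (my own, not code from the post or from Cloudflare), a Python script that walks the same checks the poster did by hand: it reproduces the longest-prefix lookup of step 8 against the `route ip show` table, confirms the `warp-routing` block in config.yml, and reports whether the target address falls inside the WARP client's default Split Tunnel exclude list. The sample route table and config are constructed from the post; `DEFAULT_SPLIT_TUNNEL_EXCLUDES` (the RFC 1918 ranges) and the function names are my assumptions, and the current exclude list should be confirmed in the Zero Trust dashboard.

```python
import ipaddress

# Constructed sample inputs, copied from the post (tunnel id and name as shown there).
ROUTE_TABLE = """\
NETWORK          COMMENT  TUNNEL ID                             TUNNEL NAME  CREATED               DELETED
192.168.88.0/24           72d62d91-7879-479b-a38e-ab4dafd33dcc  farewell-vm  2021-03-22T22:02:28Z  -
"""
CONFIG_YML = """\
tunnel: xxxxxx-xxx-xxx-xxx
credentials-file: /etc/cloudflared/xxxxx-xxx-xxx.json
warp-routing:
  enabled: true
"""
# Assumption: WARP's default Split Tunnel exclude list contains the RFC 1918 ranges (verify in the dashboard).
DEFAULT_SPLIT_TUNNEL_EXCLUDES = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def parse_routes(text):
    """Active CIDRs from `cloudflared tunnel route ip show`; rows with a DELETED timestamp are skipped."""
    routes = []
    for line in text.splitlines()[1:]:          # skip the header row
        parts = line.split()
        if parts and parts[-1] == "-":         # '-' in the DELETED column means the route is live
            routes.append(ipaddress.ip_network(parts[0], strict=False))
    return routes

def route_for(ip, routes):
    """Longest-prefix match, which is what `cloudflared tunnel route ip get` reports."""
    addr = ipaddress.ip_address(ip)
    hits = [n for n in routes if addr in n]
    return max(hits, key=lambda n: n.prefixlen) if hits else None

def warp_routing_enabled(config_text):
    """True if config.yml has a `warp-routing:` block containing `enabled: true` (no YAML library needed)."""
    lines = config_text.splitlines()
    for i, line in enumerate(lines):
        if line.strip() == "warp-routing:":
            block = []
            for sub in lines[i + 1:]:
                if sub and not sub[0].isspace():  # next top-level key ends the block
                    break
                block.append(sub.strip())
            return "enabled: true" in block
    return False

def check(ip, route_text=ROUTE_TABLE, config_text=CONFIG_YML, excludes=DEFAULT_SPLIT_TUNNEL_EXCLUDES):
    """Three findings to read in order: is the IP routed, is warp-routing on, does Split Tunnels skip it."""
    net = route_for(ip, parse_routes(route_text))
    addr = ipaddress.ip_address(ip)
    return {"route": str(net) if net else None,
            "warp_routing": warp_routing_enabled(config_text),
            "split_tunnel_excluded": [e for e in excludes if addr in ipaddress.ip_network(e)]}
```

Run `check("192.168.88.111")`: a non-empty `split_tunnel_excluded` list means the WARP client never sends that traffic into the tunnel even though the route and config are correct.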