Connecting to Cloudflare Warp directly via
wg can have advantages in flexibility or specific scenarios. For example, the Warp client,
warp-cli would refuse to establish connection if it can’t override
/etc/resolve.conf. By connecting directly using WireGuard, you get control over all that.
The first step is to install
warp-cli and register using
warp-cli register. This will create the WireGuard private-key used for the connection and register it with Cloudflare. The private key can be found in
/usr/lib/cloudflare-warp/reg.json. The endpoint data and Cloudflare’s public key should be constant. Alternative endpoints are listed in
Adjust the following template accordingly, and put in int
[Interface] PrivateKey = XXXXXXXXXXXX Address = 172.16.0.2/32 Address = 2606:4700:110:892f:607d:85a6:5e07:70cf/128 [Peer] PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= AllowedIPs = 0.0.0.0/0, ::/0 Endpoint = engage.cloudflareclient.com:2408
You can start the tunnel using
$ sudo wg-quick up warp`
Alternatively, you can import it to NetworkManager and be able to easily start it from the Gnome Quick Settings.
$ sudo nmcli connection import type wireguard file /etc/wireguard/warp.conf
You can easily check that the tunnel works, by visiting https://www.cloudflare.com/cdn-cgi/trace/ and looking for the line that says