You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -25,7 +25,7 @@ This mode is best suited for organizations that only want to apply DNS filtering
25
25
26
26
## Secure Web Gateway without DNS filtering
27
27
28
-
This mode is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device.
28
+
This mode (sometimes referred to as tunnel only mode) is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device.
29
29
30
30
| DNS filtering | Network filtering | HTTP filtering | Features enabled |
@@ -35,6 +35,7 @@ This mode is best suited for organizations that want to proxy network and HTTP t
35
35
36
36
- This mode disables all features that rely on WARP for DNS resolution, including [domain-based split tunneling](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#domain-based-split-tunnels) and [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/).
37
37
- Only available on Windows, Linux, and macOS.
38
+
- This mode has a known limitation concerning [DNS servers with IPv6 addresses](/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations/#ipv6-dns-resolution-in-secure-web-gateway-without-dns-filtering-mode).
The MTU value should be set to the MTU of your host's default interface minus 80 bytes for the WARP protocol overhead. Most MTUs are 1500, so 1420 should work for most users.
103
+
The MTU value should be set to the MTU of your host's default interface minus 80 bytes for the WARP protocol overhead. Most MTUs are 1500, so 1420 should work for most users.
104
104
105
105
## Access WARP DNS from Docker
106
106
@@ -121,7 +121,7 @@ Address: 8.8.8.8:53
121
121
122
122
** server can't find connectivity-check.warp-svc.: NXDOMAIN
123
123
** server can't find connectivity-check.warp-svc.: NXDOMAIN
Use of the WARP client in a Microsoft 365 Windows 10 Cloud PC is not supported. To work around this limitation, use Windows 11.
159
159
160
+
## IPv6 DNS Resolution in Secure Web Gateway without DNS filtering mode
161
+
162
+
In [Secure Web Gateway without DNS filtering](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#secure-web-gateway-without-dns-filtering) mode, after the WARP tunnel is established, WARP checks connectivity by resolving `connectivity.cloudflareclient.com` using the DNS server configured on the device.
163
+
164
+
Sometimes this check fails because the DNS server—often assigned by DHCP and accessible only on the local network—becomes unreachable when traffic is routed through the WARP tunnel.
165
+
166
+
For IPv4, failure is uncommon because DHCP-assigned DNS servers typically use private (RFC 1918) addresses, which WARP excludes from the tunnel by default.
167
+
168
+
However, in an IPv6 environment, there is no automatic exclusion. If your DNS server uses an IPv6 address, you must manually exclude it from WARP’s tunnel using [split tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) settings for Secure Web Gateway without DNS filtering mode to work properly.
169
+
160
170
## Troubleshooting
161
171
162
172
-[Troubleshooting](/cloudflare-one/faq/troubleshooting/) - Review Troubleshooting for other WARP-related troubleshooting errors and solutions.
0 commit comments