Skip to content

Commit 7edeb3b

Browse files
ranbelranbel
committed
private network config
1 parent 78b740e commit 7edeb3b

File tree

1 file changed

+17
-3
lines changed

1 file changed

+17
-3
lines changed

src/content/partials/cloudflare-one/tunnel/warp-to-tunnel-route-ips.mdx

Lines changed: 17 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,14 +3,28 @@ params:
33
- one
44
---
55

6-
import { Markdown } from "~/components"
6+
import { Markdown } from "~/components";
7+
import SubtractIPCalculator from "~/components/SubtractIPCalculator.tsx";
78

89
By default, WARP excludes traffic bound for [RFC 1918 space](https://datatracker.ietf.org/doc/html/rfc1918), which are IP addresses typically used in private networks and not reachable from the Internet. In order for WARP to send traffic to your <Markdown text={props.one}/>, you must configure [Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) so that the IP/CIDR of your <Markdown text={props.one}/> routes through WARP.
910

1011
1. First, check whether your [Split Tunnels mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#change-split-tunnels-mode) is set to **Exclude** or **Include** mode.
1112
2. If you are using **Include** mode, add your <Markdown text={props.one}/>'s IP/CIDR range to the list. Your list should also include the [domains necessary for Cloudflare Zero Trust functionality](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-domains).
1213
3. If you are using **Exclude** mode:
13-
1. Delete your <Markdown text={props.one}/>'s IP/CIDR range from the list. For example, if your network uses the default AWS range of `172.31.0.0/16`, delete `172.16.0.0/12`.
14-
2. Re-add IP/CIDR ranges that are not explicitly used by your <Markdown text={props.one}/>. For the AWS example above, you would add new entries for `172.16.0.0/13`, `172.24.0.0/14`, `172.28.0.0/15`, and `172.30.0.0/16`. This ensures that only traffic to `172.31.0.0/16` routes through WARP.
14+
15+
a. Delete your <Markdown text={props.one}/>'s IP/CIDR range from the list. For example, if your network uses the default AWS range of `172.31.0.0/16`, delete `172.16.0.0/12`.
16+
17+
b. Re-add IP/CIDR ranges that are not explicitly used by your <Markdown text={props.one}/>. For the AWS example above, you would add new entries for `172.16.0.0/13`, `172.24.0.0/14`, `172.28.0.0/15`, and `172.30.0.0/16`. This ensures that only traffic to `172.31.0.0/16` routes through WARP.
18+
19+
You can use the following calculator to determine which IP addresses to re-add:
20+
21+
<SubtractIPCalculator
22+
client:load
23+
defaults={{
24+
base: "172.16.0.0/12",
25+
exclude: ["172.31.0.0/16", `172.28.0.0/15`]
26+
}}
27+
/>
28+
In **Base CIDR**, enter the RFC 1918 range that you deleted from Split Tunnels. In **Excluded CIDRs**, enter the IP/CIDR range used by your <Markdown text={props.one}/>. Re-add the calculator results to your Split Tunnel Exclude mode list.
1529

1630
By tightening the private IP range included in WARP, you reduce the risk of breaking a user's [access to local resources](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#allow-users-to-enable-local-network-exclusion).

0 commit comments

Comments
 (0)