cloudflare · ranbel · Oct 16, 2024 · Aug 15, 2024 · Aug 27, 2024 · Aug 27, 2024
@@ -0,0 +1,49 @@
+---
+pcx_content_type: concept
+title: WARP Connector
+sidebar:
+  label: Overview
+  order: 5
+  badge:
+    text: Beta
+tableOfContents: false
+---
+
+import { Render, Details} from "~/components";
+
+<Details header="Feature availability">
+
+| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| ----------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
+| Gateway with WARP                                                                         | All plans                                                     |
+
+| System   | Availability |
+| -------- | ------------ |
+| Windows  | ❌           |
+| macOS    | ❌           |
+| Linux    | ✅           |
+| iOS      | ❌           |
+| Android  | ❌           |
+| ChromeOS | ❌           |
+
+</Details>
+
+Cloudflare WARP Connector is a piece of software [^1] that enables site-to-site, bidirectional, and mesh networking connectivity without requiring changes to underlying network routing infrastructure. WARP Connector establishes a secure Layer 3 connection between a private network and Cloudflare, allowing you to:
+
+- Connect two or more private networks to each other.
+- Connect IoT devices that cannot run external software, such as printers and IP phones.
+- Filter and log server-initiated traffic, such as VoIP and SIP traffic.
+- Apply Zero Trust security policies based on the source IP of the request.
+
+![Two subnets connected with WARP Connector](~/assets/images/cloudflare-one/connections/connect-apps/warp-connector/overview.png)
+
+As shown in the diagram, WARP Connector acts as a router for a subnet within the private network to on-ramp and off-ramp traffic through Cloudflare. All devices on the subnet can access any services connected to Cloudflare, and all devices connected to Cloudflare can access any services on the subnet. Each subnet runs a WARP Connector on a designated Linux machine (typically the default gateway router), but other devices on the network do not need to install software.
+
+To set up WARP Connector, refer to the guide for your use case:
+
+- **[Site-to-Internet](/cloudflare-one/connections/connect-networks/private-net/warp-connector/site-to-internet/)**: Send requests from your private network to the Internet.
+- **[Site-to-site](/cloudflare-one/connections/connect-networks/private-net/warp-connector/site-to-site/)**: Send requests between two or more private networks.
+- **[User-to-site](/cloudflare-one/connections/connect-networks/private-net/warp-connector/user-to-site/)**: Allow WARP client devices to send requests to your private network.
+- **Internet-to-site**: Not supported by WARP Connector. To provide clientless access to applications on your private network, set up a [Cloudflare Tunnel with `cloudflared`](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/) and configure a [public hostname route](/cloudflare-one/connections/connect-networks/routing-to-tunnel/).
+
+[^1]: WARP Connector is an extension of the [WARP client](/cloudflare-one/connections/connect-devices/warp/).
@@ -0,0 +1,83 @@
+---
+pcx_content_type: how-to
+title: Connect private network to Internet
+sidebar:
+  label: Site-to-Internet
+  order: 3
+---
+
+import { Render, Details, GlossaryTooltip, TabItem, Tabs } from "~/components";
+
+This guide covers how to connect a private network to the Internet using WARP Connector. In this example, we will create a WARP Connector for subnet `10.0.0.0/24` and install it on `10.0.0.1`.
+
+```mermaid
+    flowchart LR
+      subgraph subnet1[Subnet 10.0.0.0/24]
+        device1["Device
+        10.0.0.2"]-->router1["WARP Connector
+        10.0.0.1"]
+      end
+      router1-->C((Cloudflare))-->I{Internet}
+```
+
+## Prerequisites
+
+- A Linux host [^1] on the subnet
+- Verify that your firewall allows inbound/outbound traffic over the [WARP IP addresses, ports, and domains](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/).
+
+## 1. Install a WARP Connector
+
+<Render file="tunnel/warp-connector-install" />
+
+## 2. (Recommended) Create a device profile
+
+<Render file="tunnel/warp-connector-device-profile" />
+
+## 3. Route traffic from subnet to WARP Connector
+
+Depending on where you installed the WARP Connector, you may need to configure other devices on the subnet to route outbound requests through WARP Connector.
+
+### Option 1: Default gateway
+
+<Render file="tunnel/warp-connector-default-gateway" />
+
+### Option 2: Alternate gateway
+
+<Render file="tunnel/warp-connector-alternate-gateway" />
+
+#### Add route to router
+
+For example, for all traffic from the subnet to egress through WARP Connector, add a rule on the router that routes `0.0.0.0` to the WARP Connector host machine (`10.0.0.100`).
+
+<Render file="tunnel/warp-connector-alternate-gateway-flow" />
+
+### Option 3: Intermediate gateway
+
+<Render file="tunnel/warp-connector-intermediate-gateway" />
+
+#### Add route to devices
+
+<Render file="tunnel/warp-connector-route-all-traffic" />
+
+#### Verify routes
+
+<Render file="tunnel/warp-connector-verify-routes" />
+
+## 4. Test the WARP Connector
+
+You can now test if traffic from your subnet routes through Cloudflare. For example,
+
+1. On the `10.0.0.2` device, run `curl --ipv4 www.google.com`.
+2. Check your [Gateway DNS logs](/cloudflare-one/insights/logs/gateway-logs/) for queries from `warp_connector@<your-team-name>.cloudflareaccess.com`. Logs may take a few minutes to populate.
+
+```mermaid
+    flowchart LR
+      subgraph subnet1[Subnet 10.0.0.0/24]
+        device1["Device
+        10.0.0.2"]--Request-->router1["WARP Connector
+        10.0.0.1"]
+      end
+      router1-->C((Cloudflare))-->I{Internet}
+```
+
+[^1]: <Render file="tunnel/warp-connector-linux-packages" />
@@ -0,0 +1,179 @@
+---
+pcx_content_type: how-to
+title: Connect two or more private networks
+sidebar:
+  label: Site-to-site
+  order: 3
+---
+
+import { Render, Details, GlossaryTooltip, TabItem, Tabs } from "~/components";
+
+This guide covers how to connect two independent subnets with WARP Connector. Each subnet must run its own WARP Connector on a Linux host. Installing on your router is the simplest setup, but if you do not have access to the router, you may choose any other machine on the subnet.
+
+```mermaid
+    flowchart LR
+      subgraph subnet1[Subnet 10.0.0.0/24]
+      router1["WARP Connector #1
+        10.0.0.1"]
+      end
+      subgraph subnet2[Subnet 192.168.1.0/24]
+        router2["WARP Connector #2
+        192.168.1.97"]
+      end
+      router1<-->C((Cloudflare))<-->router2
+```
+
+In this example, we will create a WARP Connector for subnet `10.0.0.0/24` and install it on `10.0.0.1`. We will then create a second WARP Connector for subnet `192.168.1.0/24` and install it on `192.168.1.97`.
+
+## Prerequisites
+
+- A Linux host [^1] on each subnet.
+- Verify that your firewall allows inbound/outbound traffic over the [WARP IP addresses, ports, and domains](/cloudflare-one/connections/connect-devices/warp/deployment/firewall/).
+
+## 1. Install a WARP Connector
+
+<Render file="tunnel/warp-connector-install" />
+
+## 2. (Recommended) Create a device profile
+
+<Render file="tunnel/warp-connector-device-profile" />
+
+## 3. Route traffic from WARP Connector to subnet
+
+1. In [Zero Trust](https://one.dash.cloudflare.com), go to **Networks** > **Routes**.
+2. Select **Create route**.
+3. In **CIDR**, enter the private IPv4 address range that you wish to route through this WARP Connector (for example, `10.0.0.0/24`). WARP Connector does not currently support IPv6 routes.
+    :::note
+    If you do not already have a private network range, you can choose a subnet from one of these [pre-defined CIDRs](https://datatracker.ietf.org/doc/html/rfc1918#section-3).
+    :::
+4. For **Tunnel**, select the name of your WARP Connector (_Subnet-10.0.0.0/24_).
+5. Select **Create**.
+6. In your WARP Connector device profile, [configure Split Tunnels](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) so that traffic to your private network CIDR (`10.0.0.0/24`) routes through the WARP tunnel. For example, if you are using **Exclude** mode, delete `10.0.0.0/8` from Split Tunnels and re-add the following IPs: `10.0.1.0/24`, `10.0.2.0/23`, `10.0.4.0/22`, `10.0.8.0/21`, `10.0.16.0/20`, `10.0.32.0/19`, `10.0.64.0/18`, `10.0.128.0/17`, `10.1.0.0/16`, `10.2.0.0/15`, `10.4.0.0/14`, `10.8.0.0/13`, `10.16.0.0/12`, `10.32.0.0/11`, `10.64.0.0/10`, `10.128.0.0/9`
+
+The WARP Connector will now forward inbound requests to devices on the subnet.
+
+```mermaid
+    flowchart LR
+      subgraph subnet1[Subnet 10.0.0.0/24]
+      router1["WARP Connector #1
+        10.0.0.1"]
+			device["Device
+        10.0.0.2"]
+      end
+
+      C((Cloudflare))--Requests to 10.0.0.2--> router1 --> device
+
+```
+
+## 4. Route traffic from subnet to WARP Connector
+
+Depending on where you installed the WARP Connector, you may need to configure other devices on the subnet to route outbound requests through WARP Connector.
+
+```mermaid
+    flowchart LR
+      subgraph subnet1[Subnet 10.0.0.0/24]
+      router1["WARP Connector #1
+        10.0.0.1"]
+			device["Device
+        10.0.0.2"]
+      end
+
+      device --Requests to
+			192.168.1.0/24 --> router1 --> C((Cloudflare))
+
+```
+
+### Option 1: Default gateway
+
+<Render file="tunnel/warp-connector-default-gateway" />
+
+### Option 2: Alternate gateway
+
+<Render file="tunnel/warp-connector-alternate-gateway" />
+
+#### Add route to router
+
+For example, for devices on subnet `10.0.0.0/24` to reach applications behind subnet `192.168.1.0/24`, add a rule on the router that routes `192.168.1.0/24` to the WARP Connector host machine (`10.0.0.100`).
+
+<Render file="tunnel/warp-connector-alternate-gateway-flow" />
+
+### Option 3: Intermediate gateway
+
+<Render file="tunnel/warp-connector-intermediate-gateway" />
+
+#### Add route to devices
+
+<Render file="tunnel/warp-connector-route-all-traffic" />
+
+Alternatively, you can configure only certain routes to egress through WARP Connector. For example, you may only want to filter traffic destined to internal applications and devices, but allow public Internet traffic to bypass Cloudflare.
+
+<Tabs> <TabItem label="Linux">
+
+```sh
+sudo ip route add <DESTINATION-IP> via <WARP-CONNECTOR-IP> dev eth0
+```
+
+</TabItem> <TabItem label="macOS">
+
+```sh
+sudo route -n add -net <DESTINATION-IP> <WARP-CONNECTOR-IP>
+```
+
+</TabItem>
+
+<TabItem label="Windows">
+
+```bash
+route /p add <DESTINATION-IP> mask 255.255.255.255 <WARP-CONNECTOR-IP>
+```
+
+</TabItem> </Tabs>
+
+
+#### Verify routes
+
+<Render file="tunnel/warp-connector-verify-routes" />
+
+## 5. Install another WARP Connector
+
+Repeat steps 1, 3, and 4 above to install an additional WARP Connector on subnet `192.168.1.0/24`. The device profile created in Step 2 will apply to all WARP Connectors.
+
+```mermaid
+    flowchart LR
+      subgraph subnet1[Subnet 10.0.0.0/24]
+      router1["WARP Connector #1
+        10.0.0.1"]
+      end
+      subgraph subnet2[Subnet 192.168.1.0/24]
+        router2["WARP Connector #2
+        192.168.1.97"]
+      end
+      router1<-->C((Cloudflare))<-->router2
+```
+
+## 6. Test the WARP Connector
+
+You can now test the connection between the two subnets. For example, on the `10.0.0.2` device run `ping 192.168.1.100`.
+
+```mermaid
+    flowchart LR
+      subgraph subnet1[Subnet 10.0.0.0/24]
+        device1["Device
+        10.0.0.2"]--"ping
+        192.168.1.100"-->router1["WARP Connector #1
+        10.0.0.1"]
+      end
+      subgraph subnet2[Subnet 192.168.1.0/24]
+        router2["WARP Connector #2
+        192.168.1.97"]-->device2["Device
+        192.168.1.100"]
+      end
+      router1-->C((Cloudflare))-->router2
+```
+
+:::note
+
+If you are testing with curl using private hostnames, add the `--ipv4` flag to your curl commands.
+:::
+
+[^1]: <Render file="tunnel/warp-connector-linux-packages" />