cloudflare · marciocloudflare · Jun 16, 2025 · Jun 3, 2025 · Jun 3, 2025 · Jun 16, 2025
@@ -5,6 +5,13 @@ head:
   - tag: title
     content: Use WARP as an on-ramp
 ---
+:::note
+By default, direct WARP-to-WARP connections are not supported for devices located behind Magic WAN with WARP enabled. This is due to issues caused by double encapsulation and asymmetric routing.
+
+When a device is behind Magic WAN, it is recommended to avoid enabling WARP. Instead, access the device using its local LAN IP from remote systems, rather than relying on WARP-to-WARP communication.
+
+If you do want to use WARP on a device behind Magic WAN and connect to its WARP IP (within the `100.96.0.0/12` range), you will need to adjust your WARP profiles. Specifically, exclude the `100.96.0.0/12` subnet from the on-premises WARP profile, and include it in the off-premises profile.
+:::
 
 import { GlossaryTooltip, Render } from "~/components";
 
@@ -83,4 +90,4 @@ nslookup <SERVER_BEHIND_MAGIC_WAN>
 
 This DNS lookup should return a valid IP address associated with the server or service you are testing for.
 
-Next, test with a browser that you can connect to a service on the WAN by opening a webpage that is only accessible on the WAN. The server can be the same server used in the DNS lookup or another server in the WAN. Connecting using an IP address instead of a domain name should work.
+Next, test with a browser that you can connect to a service on the WAN by opening a webpage that is only accessible on the WAN. The server can be the same server used in the DNS lookup or another server in the WAN. Connecting using an IP address instead of a domain name should work.