diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx index 0154482d086404..71351c4dcba162 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/index.mdx @@ -25,7 +25,7 @@ This mode is best suited for organizations that only want to apply DNS filtering ## Secure Web Gateway without DNS filtering -This mode is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device. +This mode (sometimes referred to as tunnel-only mode) is best suited for organizations that want to proxy network and HTTP traffic but keep their existing DNS filtering software. DNS traffic is handled by the default mechanism on your device. | DNS filtering | Network filtering | HTTP filtering | Features enabled | | ------------- | ----------------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | @@ -35,6 +35,7 @@ This mode is best suited for organizations that want to proxy network and HTTP t - This mode disables all features that rely on WARP for DNS resolution, including [domain-based split tunneling](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#domain-based-split-tunnels) and [Local Domain Fallback](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/local-domains/). - Only available on Windows, Linux, and macOS. +- This mode has a known limitation concerning [DNS servers with IPv6 addresses](/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations/#ipv6-dns-resolution-in-secure-web-gateway-without-dns-filtering-mode). ::: diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx index 87d288503f85f0..4085d090239b4c 100644 --- a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx +++ b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/known-limitations.mdx @@ -100,7 +100,7 @@ or create a Docker network with a working MTU value: docker network create -o "com.docker.network.driver.mtu=1420" my-docker-network ``` -The MTU value should be set to the MTU of your host's default interface minus 80 bytes for the WARP protocol overhead. Most MTUs are 1500, so 1420 should work for most users. +The MTU value should be set to the MTU of your host's default interface minus 80 bytes for the WARP protocol overhead. Most MTUs are 1500, so 1420 should work for most users. ## Access WARP DNS from Docker @@ -121,7 +121,7 @@ Address: 8.8.8.8:53 ** server can't find connectivity-check.warp-svc.: NXDOMAIN ** server can't find connectivity-check.warp-svc.: NXDOMAIN - + # Create a bridge network called demo ❯ docker network create demo e1e1943a6995a7e8c115a1c60357fe64f87a3ae90074ce6e4c3f0d2bba3fa892 @@ -157,6 +157,14 @@ Address: 127.0.2.3 Use of the WARP client in a Microsoft 365 Windows 10 Cloud PC is not supported. To work around this limitation, use Windows 11. +## IPv6 DNS resolution in Secure Web Gateway without DNS filtering mode + +In [Secure Web Gateway without DNS filtering mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/#secure-web-gateway-without-dns-filtering), devices using IPv6 DNS servers may experience connectivity issues if these servers are not manually excluded from the WARP tunnel. + +Unlike common IPv4 DHCP configurations where DNS servers often fall within automatically excluded private address ranges, IPv6 environments typically require manual exclusion of DNS server addresses via split tunnel settings for proper operation. + +If your DNS server uses an IPv6 address, you must manually exclude it using [split tunnel settings](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) for Secure Web Gateway without DNS filtering mode to work properly. + ## Troubleshooting - [Troubleshooting](/cloudflare-one/faq/troubleshooting/) - Review Troubleshooting for other WARP-related troubleshooting errors and solutions.