Zero Trust (WARP) as, literally, private network
Hey, I was wondering whether I could theoretically connect my VPSes into a private network with what cf offers.
And while I know that it’s possible (and have done it), the ways I implemented it seem questionable at the very least to me.
1. I connected the servers with WireGuard, then ran cloudflared on one server and shared the network I set up in WireGuard (10.0.0.0/8). This is not optimal because if I want to connect to a server that’s not running cloudflared, there are effectively 2 hops without any adequate reasoning to do so.
2. I started up cloudflared on my servers and added routes with the IPs I want my servers to have within the private network (10.0.0.1/32, 10.0.0.2/32…). Then on the servers I added the private network address (10.0.0.x) as a loopback. This also doesn’t sound ideal to me because that way I made a human take DHCP’s role lol
Is there a way to set up cf ZT as a literally private network?
12 Replies
bump
I've tried WARP connectors but they don't support ingress (internet -> network)
+ I'd like to host a DNS server so that I can resolve xyz.internal.foo.com, and the WARP connector binds to :53
@Community Champion
?pings
Please do not ping community members for non-moderation reasons. Doing so will not solve your issue faster and will make people less likely to want to help you.
It was a crypto scam. It's in the other 2 "Help" threads also
Sorry, there was no message when you pinged me… I might have been too slow 😅
No worries. Just didn't want you to think I was cryin' wolf lol.
No problem… it didn’t make much sense with you not being op
Since we are here, though, @Londek…
I’m not sure exactly what you are trying to achieve… cloudflared shares local services and the subnet(s) in the local network to other devices
You do need to enable the ranges you want to share in the dashboard and I’m not exactly sure if it shares itself in that way
Hey, thanks for reaching out lol. It’s never too late to do so :lul: I have several VPS servers that I’d like to connect together to create a private network, a sort of LAN. The hosting does not have an official way to do so, so I was wondering whether I can achieve it with Cloudflare WARP
By all means I do not have to do it, but I wanted to see whether cloudflare warp could do it
I think what you want is this: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/private-net/warp-to-warp/#enable-warp-to-warp
No need to assign actual IPs, each device gets its own IP in the CGNAT space (similarly to what Tailscale, ZeroTier, Netbird, etc. do)