WARP Zero Trust Blocks Cloudflare Tunnel
Hi everyone,
I’m having an issue where my Cloudflare Tunnel (cloudflared) works fine when using regular DoH (DNS over HTTPS), but stops working when I enable WARP Zero Trust. Here’s what I’ve tried and observed:
- Default WARP Zero Trust profile: Split tunneling - “Exclude” (I’ve added all the recommended exclusions: local loopback, private IP ranges, multicast, Cloudflare Tunnel IPs, etc.)
- No Gateway block logs: I don’t see any logs indicating that the traffic is being blocked by the Gateway.
- Traffic behavior: With WARP enabled, tcpdump on my interface shows no UDP 7844 traffic (QUIC), but I do see it when WARP is off. It seems like WARP is redirecting tunnel traffic through itself.
- Other notes:
My device is running Linux.
My local firewall is currently disabled.
There’s no error in the WARP logs except for some occasional IPv6 DNS failures (my router does not support IPv6).
Question:
Has anyone else experienced this? Is there a way to ensure that Cloudflare Tunnel traffic bypasses WARP, or is there a known issue with QUIC/UDP 7844 and WARP Zero Trust? Any suggestions for troubleshooting or workarounds?
Thanks in advance!
I’m having an issue where my Cloudflare Tunnel (cloudflared) works fine when using regular DoH (DNS over HTTPS), but stops working when I enable WARP Zero Trust. Here’s what I’ve tried and observed:
- Default WARP Zero Trust profile: Split tunneling - “Exclude” (I’ve added all the recommended exclusions: local loopback, private IP ranges, multicast, Cloudflare Tunnel IPs, etc.)
- No Gateway block logs: I don’t see any logs indicating that the traffic is being blocked by the Gateway.
- Traffic behavior: With WARP enabled, tcpdump on my interface shows no UDP 7844 traffic (QUIC), but I do see it when WARP is off. It seems like WARP is redirecting tunnel traffic through itself.
- Other notes:
My device is running Linux.
My local firewall is currently disabled.
There’s no error in the WARP logs except for some occasional IPv6 DNS failures (my router does not support IPv6).
Question:
Has anyone else experienced this? Is there a way to ensure that Cloudflare Tunnel traffic bypasses WARP, or is there a known issue with QUIC/UDP 7844 and WARP Zero Trust? Any suggestions for troubleshooting or workarounds?
Thanks in advance!
Welcome to the official Cloudflare Developers server. Here you can ask for help and stay updated with the latest news
85,042Members
Resources
Similar Threads
Was this page helpful?
