This is an old revision of the document!


Setting up Cloudflare WARP + Tunnel to replace a VPN

  • Planned deployment architecture

flowchart LR
    client1[WARP Client 1] --> warp[Cloudflare WARP Service]
    client2[WARP Client 2] --> warp
    client3[WARP Client 3] --> warp
    client4[WARP Client 4] --> warp
    warp --> tunnelA[Cloudflare Tunnel A<br/>192.168.11.0/24]
    warp --> tunnelB[Cloudflare Tunnel B<br/>10.20.0.0/22]
    tunnelA --> server1[Local Server 1]
    tunnelA --> server3[Local Server 3]
    tunnelA --> server4[Local Server 4]
    tunnelB --> server2[Local Server 2]
    tunnelB --> server5[Local Server 5]
    %% Styling with more subtle colors and black font
    classDef client fill:#e6e6fa,stroke:#666,stroke-width:1px,color:#000
    classDef cloudflare fill:#f0e6d2,stroke:#666,stroke-width:1px,color:#000
    classDef server fill:#e0f0e0,stroke:#666,stroke-width:1px,color:#000
    class client1,client2,client3,client4 client
    class warp,tunnelA,tunnelB cloudflare
    class server1,server2,server3,server4,server5 server

Configure groups

  • Access → Rule groups → Add a group, e.g. Staff → Emails ending in @ichiayi.com

Configure permissions

  • Access → Policies → Add a policy
  • Add a rule, e.g. Staff-policy → allow anyone who belongs to the Staff group

Choose a Cloudflare Zero Trust plan on first use

  • Settings → WARP Client → Choose Plan, e.g. the Free plan

Configure device enrollment permissions

  • Settings → WARP Client → Device enrollment → Manage
  • Device enrollment permissions → Policies → Access policies → Select existing policies

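Configure Split Tunnels

  • Set the WARP Client's Split Tunnels according to the Tunnel subnets, e.g. under Exclude IPs and domains, remove 192.168.0.0/16 and 10.0.0.0/8
    • Settings → WARP Client → Device settings / Profile settings / Profile name → Default → Configure
    • Scroll down to the Split Tunnels item in the middle of the page, select Exclude IPs and domains, then click Manage
    • The right side lists the IP ranges that by default do not go through WARP. Remove 192.168.0.0/16 and 10.0.0.0/8; if any ranges inside these two large networks need to stay off WARP, add them back using the input in the middle, e.g. 192.168.31.0/24 and 192.168.11.1/32
  • WARP client download URL - https://one.one.one.one/
  • First confirm the team name (Team domain), which can be found under Settings → Custom Pages, i.e. xxxx.cloudflareaccess.com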
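An added example (not part of the original page) that checks an Exclude-mode Split Tunnels list against the tunnel subnets from the architecture diagram, reporting whether each subnet is still fully excluded, partly carved out, or routed through WARP. The function names and sample lists are assumptions constructed for illustration, and only IP entries are handled, not domains.

```python
import ipaddress

# Tunnel subnets taken from the architecture diagram on this page.
TUNNEL_ROUTES = {"Tunnel A": "192.168.11.0/24", "Tunnel B": "10.20.0.0/22"}

# Constructed sample lists, limited to the entries this page mentions.
BEFORE = ["192.168.0.0/16", "10.0.0.0/8"]       # default entries to remove
AFTER = ["192.168.31.0/24", "192.168.11.1/32"]  # add-back entries

def audit_excludes(excludes, tunnels=TUNNEL_ROUTES):
    """Classify each tunnel subnet against an Exclude-mode list.

    Returns {name: (status, overlapping_entries)} where status is
      'blocked' - one exclude entry covers the whole subnet,
      'partial' - exclude entries carve addresses out of the subnet,
      'routed'  - no exclude entry touches the subnet.
    """
    nets = [ipaddress.ip_network(e, strict=False) for e in excludes]
    report = {}
    for name, cidr in tunnels.items():
        subnet = ipaddress.ip_network(cidr)
        overlapping = [n for n in nets if n.overlaps(subnet)]
        if any(subnet.subnet_of(n) for n in overlapping):
            status = "blocked"
        elif overlapping:
            status = "partial"
        else:
            status = "routed"
        report[name] = (status, [str(n) for n in overlapping])
    return report

def via_warp(ip, excludes):
    """True if traffic to ip enters WARP (no exclude entry contains it)."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in ipaddress.ip_network(e, strict=False)
                   for e in excludes)

if __name__ == "__main__":
    for label, excludes in (("before", BEFORE), ("after", AFTER)):
        for name, (status, hits) in audit_excludes(excludes).items():
            print(f"{label:6} {name}: {status} {hits}")
```

With the add-back entries from this page, Tunnel A is reported as partial: 192.168.11.1 falls inside 192.168.11.0/24, so that one address stays on the client's local network and is not reached through the tunnel.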

Windows

Android

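1. Web is reachable but ping gets no response

  • Settings → Network → Firewall → Proxy: enable it and tick UDP/ICMP

2. LINE images cannot be sent

  • The main cause is that LINE's API does not support HTTP/2, so the following LINE domains should be excluded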
    • *.line.naver.jp
    • *.line-apps.com
    • *.line-scdn.net
  • Settings → WARP Client → Device settings → Profile settings → Default → Configure
    • Split Tunnels → Exclude IPs and domains → Manage
  • tech/cloudflare_warp.1743932435.txt.gz
  • Last modified: 2025/04/06 17:40
  • jonathan