Cloudflare Warp

1

Trying to use Cloudflare Warp at the same time as Tailscale unsurprisingly doesn’t seem to work (this is basically stacking VPNs).

It would be great if somehow they could work together, basically use Cloudflare Warp as the exit node (its not quite a standard exit node as it will route to the nearest warp location) for untrusted internet connections.

1 Like
2

I’m trying to figure out the same thing. The 100.x.y.z IP addresses are already added by default to the “split tunnel” config of Cloudflare Warp, but the IP routing still doesn’t work. Haven’t even gotten to DNS yet.

I’m on MacOS btw, been trying to understand the routing table for the last couple of days :slight_smile:

1 Like
3

I have the same issue. Already configured both IPv4 and IPv6 exclusions (as per tailscale page)

100.64.0.0/10
fd7a:115c:a1e0::/48

Any hints?
Thanks

4

Running multiple VPNs at the same time rarely works. They fight over every resource: routing table, iptables, DNS settings.

5

Thanks, I understand your point.
However, “VPNs” also advertise they are good citizens and they should try to… :slight_smile:
In our case we are using both for different purposes (in this case, Cloudflare we found better suited for default outbound traffic, with Tailscale was already being used for connection to some kinds of internal resources). We really hope we don’t have to choose one in detriment of the other, as we would probably be forced to go with the one that has capabilities features the other hasn’t…
Thx

6

I also noticed the same issue, but with one additional detail.

I have Cloudflare WARP configured with the exception for Tailscale subnet 100.64.0.0/10. And that actually works for the connections that have been previously established and resolve to a direct local connections.

However WARP prevents reaching tailnet addresses that need a relay to reach. Also WARP prevents reaching devices that would resolve to direct local connection, if that device has not been contacted for a while.

Would it be possible to exclude relay and other tailscale services that are contacted when tailnet connection is being resolved?