[GUIDE] Connect to cloudflare's free WARP pseudo VPN service using built-in wireguard client

Just got this running in 10 minutes, hope it helps:

  1. go to https://github.com/ViRb3/wgcf
  2. download and run the script to register a user iD and then generate a wireguard config
  3. open the config in a text editor
  4. on glinet router’s wireguard client page choose ‘manual’ and copy the values to the relevant boxes.
  5. reboot the router (nothing worked until I did this)

Voila!

tips:

  • I used the ipv4 addresses in the config - the ipv6 did not work.
  • you can set DNS to 1.1.1.2 for malware blocking
  • I left the preshared key, MTU and listening Port empty - the MTU and listening Port filled themselves out.
  • Check your status at https://1.1.1.1/help

Hope that helps

5 Likes

worked great. thanks!

1 Like

thanks very much, its working.

1 Like

If you guys have premium version of warp in android (which is cheaper than ios) and you want to use it as wireguard client such in gl router, I know how to do it. But I am afraid, is it against rules if I make tutorial for that?

Warp either free or paid is just another VPN service. I cleaned the thread of junk posts.

@ongkang Please post the guide for Warp Premium as well.

1 Like

No, that’s not what I meant @Johnex is right. You could do stuff with that which is rather not discussed, which you could theoretically also do with any other similar service. I said that since I hope that the described on Github continuously works and won’t be abused. No need to worry about anything @onkang, sorry if it seemed this way but I try not to incentivize people to abuse it. To use it like stated isn’t abuse and not illegal or anything, to use it as user is probably almost anywhere legally totally fine.

Hey guys let’s not have a cow man …

Here is a forum post with a semi-official response (the poster is the first to come up with this wireguard solution for WARP as far as I’m aware):

Basically the TLDR is that it’s not supported, but it’s the internet and people are going to internet so no need to get worried about getting SWATTED or locked up for ever under misuse of computers act on this one.

In anycase, the link I posted in OP clearly explains how to use a paid account with this process so there is no need to repeat it here anyways :wink:

Happy that so many people have found some use from this!

Okay CFs reaction surprises me, not that I think they would care that they’re unique ID system is, well, worthelss, but that must have been clear since you can create accounts without sim card and with android/iOS simulator. I noticed something and I saw the possibility, and it basically worked first try. Since I’m and our startup team are the opposite of interested that CF gets in trouble because of an infrastructural “problem”, if enough people came right up with the idea like I, I thought, well, better I say nothing and the discussion started.

I didn’t say AT ALL that one could get in trouble for setting up the tunnels this way. I’m outta this thread, seems like it isn’t as obvious as I thought and therefore mustn’t be explained or anything anymore. :smile:

Oh sorry I think that i didn’t quite understand - thought you were just referring to transferring paid accounts.

Regardless, they will release WARP for desktop I believe so I’m sure they’re not really worried about non-mobile use of their services.

A lot of their algo stuff (if you’ve ever played with cloudflared) is also pretty easy to use on many different systems so in some respects they are pretty open already.

Perhaps if you believe to have found a vector for abuse you could send it in to their bug bounty program?

Honestly though, I really doubt that there is much space for going too crazy with this - it doesn’t hide your IP at all - it only encrypts your first hop to cloudflare network and then they MITM any connections to cloudflare sites to introduce some performance tweaks (as far as I understand).

It’s useful for gl-inet devices for using fast wireguard encryption on public or mobile networks for absolutely free of cost.

If you are just at home, then a regular paid VPN is still a probably a better choice.

1 Like

agree with everything you say but just wanted to add that performance tweaks equals …

  1. redirected marketing and blocked marketing for performance increase
  2. web history to sell
  3. doh for dns control

Why else would someone “give” you a “free” vpn?
They are simply trying to steal it right out of the hands of your own isp which suites me just fine.

1 Like

Yeah that’s definitely one way of looking at it.

If you don’t pay for WARP then you do only get the minimum usage of their network and the costs on their infrastructure is really minimal. They benefit much more if you use the app however and not a standard wireguard client - the app is basically a network testing node that provides networking analytics to cloudflare.

They say they keep logs for 2 days and ‘anonymised’.

I think that their core business does have a coincidental benefit that allows them to offer something for ‘free’ without monetising it directly and selling information on the sly. I think the more concerning part is that it is a US company subject to NSLs.

If you are in the US then WARP is clearly an improvement on ISP ToS which can include injecting adverts and flat out selling your data.

For others in the world it is a little more nuanced. Still a useful networking tool though - and running it on a wireguard client is obviously much better from a privacy perspective than using their app which is constantly reporting metrics.

I do believe that they are using the metrics for their networking infrastructure and to provide their other services, but it is still only going by privacy policy and faith - not every company is run by a levar levison type with morals and conviction to do the right thing.

The real question here is, why on earths not so clean sky would you use a USA based VPN provider?
We all know how that will go.
You want your VPN to be based in a country that will not release all your information as soon as they get a court order for it, sometimes not even a court order required if they just label it as in interest to national security when you are looking for food for your dog on some shady site that also happens to sell some more grey area things.

I’ll just leave this here

:see_no_evil: :see_no_evil: :see_no_evil:

1 Like

Sorry but I missed earlier discussion and removed posts but is this ultimately deemed safe and secure to use?

Yeah it’s safe to use. It’s just wireguard under the fancy name they put.

1 Like

Gone throgh all the steps one by one but status check still showing that I am not connected to all CloudFlare services even after rebooting the router! Where am I going wrong?

Here are the results I get on test:
|Connected to 1.1.1.1 |Yes|
|Using DNS over HTTPS (DoH) |No|
|Using DNS over TLS (DoT) |Yes|
|Using DNS over WARP |No|
|AS Name |Cloudflare|
|AS Number |13335|
|Cloudflare Data Center |LHR|

|1.1.1.1 |Yes|
|1.0.0.1 |Yes|
|2606:4700:4700::1111 |No|
|2606:4700:4700::1001 |No|

First, please make sure that the wireguard traffic for the download is flowing. If it keeps on 0 then it is not working yet, even after you got connected status. Because, it is always get connected status if the host is reachable.

If you find 0 on downloaded then reconnect. Use lower MTU (maybe 1280) might help.
after using generated wireguard from warp+ I get this issue a lot, especially on smartphones. And mostly restarting connection works, if not then your id maybe already deleted in cloudflare user database.

1 Like