IPv6 only VPSes are becoming popular right now, since some providers are now requiring you to pay to have an IPv4 address because of the IPv4 address exhaustion. But what if you need to connect to IPv4 only servers on your VPS? And also, what if you wanted to connect to your IPv6 only VPS on your IPv4 only device? Cloudflare WARP and Zero Trust has got you covered.
Note that this will only allow you to connect to your VPS using IPv4 if your client is connected to Cloudflare WARP since Cloudflare WARP only provides a single NATed IPv4, not a public IPv6 address.
Cloudflare Zero Trust settings
Cloudflare WARP-to-WARP
- Go to Settings, and Network.
- Enable Proxy.
- Check UDP and ICMP.
- Enable WARP to WARP.
Let Cloudflare assign the WARP-to-WARP IPv4 range to devices
Instead of getting the same IP address of 172.16.0.2
to every device, we instead enable “Override local interface IP” so that devices get their own unique IP from 100.96.0.0/12
.
- Go to Settings, and WARP Client.
- Enable Override local interface IP.
Configure Split Tunneling
This allows Cloudflare WARP-to-WARP traffic to pass though the WireGuard instead of getting handled as local traffic.
- Go to Settings, and WARP Client.
- Click Default profile, and configure.
- Make sure split tunnels is set to Exclude IPs and domains.
- Click “Manage” on Split Tunnels.
- Remove IP range
100.64.0.0/10
andfd00::/8
.
Generate Cloudflare Zero Trust WireGuard configuration
- Download wgcf-teams.
- Open wgcf-teams.
wgcf-teams
- On your browser, open
https://<YOUR_ORGANIZATION>.cloudflareaccess.com/warp
. - Login to Cloudflare Zero Trust on your browser.
- After logging in to Cloudflare Zero Trust, get your JWT token using this guide.
- Paste the JWT token on the command prompt that is opened by wgcf-teams and press enter.
The program will output a WireGuard configuration like this:
|
|
Setup Cloudflare WARP WireGuard on your VPS
This assumes that you have Debian installed on your VPS.
- Install WireGuard.
sudo apt install wireguard
- Create WireGuard configuration.
sudo nano /etc/wireguard/wg0.conf
Paste this WireGuard configuration and edit.
|
|
- Create a new WireGuard interface configuration.
sudo nano /etc/network/interfaces.d/wg0
Paste this WireGuard interface configuration and edit.
|
|
- Enable the WireGuard interface.
sudo ifup wg0
- Check if WireGuard is working.
sudo wg
Testing
- Try to ping and access an IPv4 only server on your VPS.
- Try to ping and access your VPS via its IPv4 address on a device with Cloudflare WARP running.