設定 Cloudflare WARP + Tunnel 取代 VPN

這是本文件的舊版！

預計配置架構

flowchart LR client1[WARP Client 1] --> warp[Cloudflare WARP Service] client2[WARP Client 2] --> warp client3[WARP Client 3] --> warp client4[WARP Client 4] --> warp warp --> tunnelA[Cloudflare Tunnel A
192.168.11.0/24] warp --> tunnelB[Cloudflare Tunnel B
10.20.0.0/22] tunnelA --> server1[Local Server 1] tunnelA --> server3[Local Server 3] tunnelA --> server4[Local Server 4] tunnelB --> server2[Local Server 2] tunnelB --> server5[Local Server 5] %% Styling with more subtle colors and black font classDef client fill:#e6e6fa,stroke:#666,stroke-width:1px,color:#000 classDef cloudflare fill:#f0e6d2,stroke:#666,stroke-width:1px,color:#000 classDef server fill:#e0f0e0,stroke:#666,stroke-width:1px,color:#000 class client1,client2,client3,client4 client class warp,tunnelA,tunnelB cloudflare class server1,server2,server3,server4,server5 server

https://one.dash.cloudflare.com/ Networks → Routes

設定群組

Access → Rule groups → Add a group Exp. Staff → Email 後面符合 @ichiayi.com

第一次要選擇 Cloudflare Zero Trust 方案

Settings → WARP Client → Choose Plan Exp. Free 方案

設定權限

Settings → WARP Client → Device enrollment → Manage
Device enrollment permissions → Policies → Add a policy
Access → Policies → Reusable policies → Add a policy

設定 Split Tunnels

依據 Tunnel 網段來設定 WARP Client 網路的 Split Tunnels Exp. Exclude IPs and domains 將 192.168.0.0/16 與 10.0.0.0/8 移除
- Settings → WARP Client → Device settings / Profile settings / Profile name → Default → Congigure
- 拉到中間出現 Split Tunnels 項目選 Exclude IPs and domains 後點 Manage
- 右邊是預設不走 WARP 的 IP 網段, 將 192.168.0.0/16 與 10.0.0.0/8 移除後, 如果這兩個大網段有需要不走 WARP 的 IP 網段可在中間輸入補回 Exp. 192.168.31.0/24 與 192.168.11.1/32