@amirhmoradi

This commit implements Cloudflare Warp integration for Wiregate, allowing users to route VPN traffic through Cloudflare's global network for enhanced privacy, performance, and security.

Addresses upstream issue #66 - Request for Cloudflare Warp tunnel support.

Key Features:

  • Route traffic through Cloudflare's 310+ edge locations worldwide
  • Enhanced privacy by hiding server IP through Cloudflare network
  • Built-in DDoS protection and security features
  • Support for both free and Warp+ premium tiers
  • Per-zone selective routing (ADMINS, MEMBERS, GUESTS, LANP2P)
  • Optional feature - disabled by default, zero impact when not enabled

Implementation Details:

  1. Docker Infrastructure (WG-Dash/Dockerfile):

    • Added wgcf-builder stage to compile wgcf from source
    • wgcf binary included in final image at /usr/local/bin/wgcf
    • UPX compression for smaller binary size
  2. Warp Manager (WG-Dash/src/warp-manager.sh):

    • Complete lifecycle management (setup, start, stop, restart, status)
    • Automatic Warp account registration via wgcf
    • WireGuard profile generation and customization
    • Warp+ license key support for premium features
    • Connectivity checks and health monitoring
    • Graceful fallback if Warp unavailable
  3. Per-Zone Routing Scripts (WG-Dash/src/iptable-rules/*/):

    • warp-postup.sh: Configure policy-based routing per zone
    • warp-postdown.sh: Clean up routing configuration
    • Packet marking with unique fwmark per zone (0x100-0x103)
    • Custom routing table (table 100 "warp")
    • Source NAT for traffic via Warp interface
    • Forwarding rules for bidirectional traffic
    • All zones supported: ADMINS, MEMBERS, GUESTS, LANP2P
  4. Container Initialization (WG-Dash/src/entrypoint.sh):

    • Automatic Warp setup during container startup
    • Conditional initialization based on WGD_WARP_ENABLED
    • Error handling with graceful fallback to direct routing
    • Integration with existing Tor proxy workflow
  5. Environment Variables:

    • WGD_WARP_ENABLED: Global enable/disable (default: false)
    • WGD_WARP_ZONES: Comma-separated zone list (default: ADMINS,MEMBERS)
    • WGD_WARP_LICENSE_KEY: Warp+ key for premium features (optional)
    • WGD_WARP_MTU: MTU size (default: 1280)
    • WGD_WARP_ENDPOINT: Warp endpoint (default: Cloudflare standard)
  6. Documentation:

    • docs/CLOUDFLARE_WARP_INTEGRATION.md: Comprehensive 500+ line guide
    • Covers: architecture, configuration, usage, troubleshooting
    • Advanced topics: split tunneling, performance tuning, security
    • FAQ and comparison with other solutions (Tor, commercial VPNs)
    • examples/warp-config.env.example: Detailed configuration examples
  7. README and CHANGELOG Updates:

    • Added Cloudflare Warp section to README with quick start
    • Updated table of contents with Warp documentation link
    • Comprehensive CHANGELOG entry with all features

Architecture:

Traffic Flow:
[VPN Client] → [Wiregate Zone] → [Cloudflare Warp] → [Internet]

Routing Mechanism:

  • Policy-based routing using fwmark and custom routing table
  • Preserves SSH and management access (not routed through Warp)
  • Clean separation between zones
  • No interference with existing iptables rules

Benefits:

  • 🔒 Enhanced Privacy: Server IP hidden from destination sites
  • ⚡ Improved Performance: Cloudflare's optimized global network
  • 🛡️ Built-in DDoS Protection: Automatic network security
  • 🌐 Global Reach: 310+ edge locations for low latency
  • 🆓 Free & Premium Tiers: Unlimited free or Warp+ for priority routing

Design Principles:

  • Optional feature, disabled by default
  • Zero impact on existing functionality when disabled
  • Clean integration following existing Tor proxy pattern
  • Environment variable driven configuration
  • Comprehensive documentation and examples
  • Graceful error handling and fallback mechanisms

Testing Recommendations:

  1. Enable Warp: WGD_WARP_ENABLED=true
  2. Rebuild container: docker-compose up -d --build
  3. Check initialization: docker logs wiregate | grep WARP
  4. Verify Warp active: docker exec -it wiregate wgcf trace
  5. Test IP change: curl https://api.ipify.org (should show Cloudflare IP)
  6. Monitor performance: docker exec -it wiregate wg show warp

Addresses: #66
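The per-zone policy routing the description outlines (one fwmark per zone, routing table 100, source NAT on the Warp interface, forwarding rules, and a post-down that undoes them) as an added example; this is not the PR's own warp-postup.sh/warp-postdown.sh. Interface names wg-<ZONE> and warp and the zone-to-mark order ADMINS=0x100 through LANP2P=0x103 are assumptions, and DRY_RUN=1 (the default) prints the commands instead of applying them, so it can be inspected without root.

```shell
#!/bin/sh
# Added example, not Wiregate's own warp-postup.sh/warp-postdown.sh.
# Assumed names (not stated in the PR): zone interfaces are wg-<ZONE>,
# the Warp WireGuard interface is "warp", and fwmarks are assigned in the
# order ADMINS=0x100, MEMBERS=0x101, GUESTS=0x102, LANP2P=0x103.
WARP_TABLE=100
WARP_IF=${WARP_IF:-warp}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands instead of running them

# Map a zone name to its fwmark; non-zero exit for an unknown zone.
warp_zone_mark() {
    case "$1" in
        ADMINS)  echo 0x100 ;;
        MEMBERS) echo 0x101 ;;
        GUESTS)  echo 0x102 ;;
        LANP2P)  echo 0x103 ;;
        *)       return 1 ;;
    esac
}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Install (-A/add) or remove (-D/del) the rules for one zone.
# Only packets *entering* on the zone interface are marked, so traffic the
# host generates itself (SSH replies, the dashboard) stays on the main
# routing table and is never pushed through Warp.
warp_zone_rules() {
    zone=$1; ipt_op=$2; rule_op=$3
    mark=$(warp_zone_mark "$zone") || { echo "unknown zone: $zone" >&2; return 1; }
    zone_if="wg-$zone"
    run ip rule "$rule_op" fwmark "$mark" lookup "$WARP_TABLE"
    run iptables -t mangle "$ipt_op" PREROUTING -i "$zone_if" -j MARK --set-mark "$mark"
    run iptables -t nat "$ipt_op" POSTROUTING -o "$WARP_IF" -m mark --mark "$mark" -j MASQUERADE
    run iptables "$ipt_op" FORWARD -i "$zone_if" -o "$WARP_IF" -j ACCEPT
    run iptables "$ipt_op" FORWARD -i "$WARP_IF" -o "$zone_if" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Post-up: the default route in table 100 is shared by all zones, so
# "replace" keeps it idempotent. rp_filter on the Warp interface must be
# loose (2), or strict reverse-path checks drop replies for marked flows
# whose source would normally be reached via the main uplink.
warp_zone_up() {
    run ip route replace default dev "$WARP_IF" table "$WARP_TABLE"
    run sysctl -q -w "net.ipv4.conf.$WARP_IF.rp_filter=2"
    warp_zone_rules "$1" -A add
}

# Post-down: remove the per-zone rules only; the shared table route stays
# so other zones still routed via Warp keep working.
warp_zone_down() { warp_zone_rules "$1" -D del; }
```

Run with DRY_RUN=0 as root to apply; the dry-run output is also a convenient diff against what `iptables-save` and `ip rule show` report after container start.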

NOXCIS and others added 25 commits March 3, 2025 20:23
-no one ever reads the commit notes
Added details about unsafe inline CSS and public keys to the Traffic Shaping bug fixes entry.
Added details for sol-beta-v2.5.3 release including theme updates, logo update, UI bug fixes, and Tor Protocol Badge.
Added warning for beta version and updated theme, logo, and UI.
Added details for flat-bridge-v0.0.1 release including Dockerfile updates, security enhancements, and frontend improvements.
Added release notes for versions v0.0.2, v0.0.3, and v1.5.0.
This commit implements Cloudflare Warp integration for Wiregate, allowing users to route VPN traffic through Cloudflare's global network for enhanced privacy, performance, and security.
@NOXCIS NOXCIS changed the base branch from main to bug-hunting November 7, 2025 00:09
NOXCIS (Owner) commented Nov 7, 2025

@amirhmoradi swapped the base to get you up to speed on what the actual active code base is.

amirhmoradi (Author) commented

Closing in favor of #100 PR which is based on the bug-hunting base branch.

@amirhmoradi amirhmoradi deleted the claude/issue-66-cloudflare-warp-011CUojiMSEFd7Dk6nbaCrhn branch November 11, 2025 15:55