Netgate Discussion Forum

    Connecting to CloudFlare, surely its possible.

    • stephenw10S
      stephenw10 Netgate Administrator

      Yeah, that's how I read it. You just need that to generate wgcf-profile.conf. Then you use the values from that file to configure WireGuard in pfSense.

      Obviously the status and trace commands won't work. Unless maybe you're behind the firewall... 🤔

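The step described above (reading wgcf-profile.conf and carrying its values into the firewall's WireGuard configuration), as an added example that is not part of the original post or of the wgcf project. It assumes the file is in wg-quick format with a single [Peer] section; the sample values are constructed, and the dictionary keys are labels chosen here, not pfSense field names.

```python
import ipaddress

# Constructed sample in wg-quick format; keys, addresses and host are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = <private-key-placeholder>
Address = 172.16.0.2/32
Address = fd00::2/128
MTU = 1280
[Peer]
PublicKey = <peer-public-key-placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:2408
"""

def parse_wg_conf(text):
    """Parse wg-quick style text; repeated keys and comma lists become lists."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = conf.setdefault(line[1:-1].lower(), {})
            continue
        if section is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        # Split on the first '=' only: base64 keys end in '=' padding.
        key, value = (part.strip() for part in line.split("=", 1))
        section.setdefault(key.lower(), []).extend(
            v.strip() for v in value.split(",") if v.strip())
    return conf

def tunnel_settings(conf):
    """Collect the values to enter by hand; the private key is never echoed."""
    iface, peer = conf["interface"], conf["peer"]
    host, _, port = peer["endpoint"][0].rpartition(":")
    allowed = [ipaddress.ip_network(n, strict=False) for n in peer["allowedips"]]
    return {
        "tunnel_addresses": [str(ipaddress.ip_interface(a)) for a in iface["address"]],
        "mtu": int(iface["mtu"][0]) if "mtu" in iface else None,
        "peer_public_key": peer["publickey"][0],
        "endpoint_host": host.strip("[]"),  # tolerate [IPv6]:port endpoints
        "endpoint_port": int(port),
        "allowed_ips": [str(n) for n in allowed],
        # A /0 prefix means the peer is allowed to carry all traffic.
        "full_tunnel": any(n.prefixlen == 0 for n in allowed),
        "private_key_present": bool(iface.get("privatekey")),
    }
```

The `full_tunnel` flag only reports what the peer is allowed to carry; which traffic actually leaves through the tunnel is still decided by the firewall's gateway and rule configuration.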
      • D
        deanfourie @stephenw10

        @stephenw10 so with WARP,

        Would this allow remote access as well? Do I still need to create a tunnel? I can't quite understand what these WARP shenanigans are all about?

        Is WARP just like some kind of secure DNS and not a VPN as such?

        • stephenw10S
          stephenw10 Netgate Administrator

          It's a WireGuard tunnel to Cloudflare. WireGuard has none of the user/config management that, say, OpenVPN does, so things like this and Tailscale have been created to add it.
          Cloudflare is about filtering inbound traffic mainly so I imagine this makes it easy to connect, say, a webserver that is buried behind routers/firewalls directly to them.

          Why are you trying to connect to them?

          • D
            deanfourie @stephenw10

            @stephenw10 I just want complete subnet access, just like I do with my OVPN.

            I am behind CGNAT so running servers is a no-go, so I use OVPN cloud at the moment, which works really well; however, it only allows 3 users free, and after that it's crazy expensive.

            Whereas Cloudflare allows up to 50 users free.

            • D
              deanfourie @deanfourie

              @deanfourie OK, so I'm in a catch-22 here,

              On my Debian box, I have managed to achieve what I want to do: VPN with full network access and secure outbound traffic.

              The problem is obviously this is running on a separate VM to my pfSense.

              So, I could install cloudflared on pfSense and configure it the same as I have set up the Debian one, and this would work. However, I have some questions.

              1. Will all outbound traffic be routed through it? If not, how can it be, since there is no interface created?
              2. Same goes for firewall rules? Can't manage firewall rules as there is no separate interface such as a TUN or anything. (How do I tell pfSense to exit via the cloudflared tunnel?) Which route would take precedence?

              My other option is to set up the Debian VM as a gateway, and route traffic from pfSense through the Debian GW then out. Set up something like IP forwarding on Debian.

              Or any suggestions are welcome, I'm slowly creeping closer and closer to success.

              • stephenw10S
                stephenw10 Netgate Administrator

                If the cloudflared tunnel doesn't create an interface/gateway then pfSense can't policy route across it. I've never used either but it looks like cloudflared is a proxy to me.

                • D
                  deanfourie @stephenw10

                  @stephenw10 it certainly does look more like a proxy.

                  • Sergei_ShablovskyS
                    Sergei_Shablovsky

                    Just to refresh the topic: WARP client for FreeBSD-based firewalls, e.g. (pfSense, OPNsense), 10+ pages with useful links for Your inspiration… ;)

                    I'm really frustrated WHY NETGATE IGNORES WARP/WARP+ as the fastest (truth) way to have a secured VPN/proxied connection that a lot of pfSense's users love.

                    Looks like the DevTeam made the first step (documenting DoT with CloudFlare and putting a lot of links in the official docs specifically to CloudFlare's public DNSs, which are FREE), then stopped and is not making the reasonable next step of making a WARP/WARP+ CloudFlare client (service) for pfSense!

                    Really frustrating! Especially as there is a lot of ready-to-use code for FreeBSD that was tested and works well!

                    —
                    CLOSE SKY FOR UKRAINE https://youtu.be/_tU1i8VAdCo !
                    Help Ukraine to resist, save civilians people’s lives !
                    (Take an active part in public protests, push on Your country’s politics, congressmans, mass media, leaders of opinion.)

                    • Sergei_ShablovskyS
                      Sergei_Shablovsky

                      Please vote for adding CloudFlare WARP/WARP+ client as a package to pfSense.

                      Thank You all!

                      • Sergei_ShablovskyS
                        Sergei_Shablovsky @stephenw10

                        @stephenw10 said in Connecting to CloudFlare, surely its possible.:

                        Are you doing everything shown here?:
                        https://www.reddit.com/r/PFSENSE/comments/owg78a/sending_traffic_over_cloudflare_warp/

                        @stephenw10 Is this exact guide working for You?

                        If the answer is “Yes”:

                        • What is the bandwidth w/ and w/o WARP (or WARP+ if You have it) on the same physical channel?

                        • What about STABILITY of work (and how are You testing this stability)?

                        Thanks a lot!

                        • Sergei_ShablovskyS
                          Sergei_Shablovsky @NollipfSense

                          @NollipfSense said in Connecting to CloudFlare, surely its possible.:

                          @deanfourie I think a better question would be what about REST API that was promised for pfSense 2.6 but didn't make it? Has pfSense moved away from implementing that strategy? With REST API, it would be very easy to run containers and other micro-services...

                          Besides the Netgate promises, the idea of running micro-services and especially containers inside pfSense is a very bad idea.

                          I prefer to look at pfSense as a solid system with a fraction of 3rd-party packages (but VERY WELL TESTED and bug-free!).
