
Connecting to Cloudflare WARP with WireGuard

  1. Install wgcf
brew install wgcf
  1. Register new account
wgcf register

The new account will be saved to wgcf-account.toml. This file holds the account's credentials, so keep it private.

  1. Generate WireGuard profile
wgcf generate

The WireGuard profile will be saved to wgcf-profile.conf. It contains the tunnel's private key, so treat it as a secret.

  1. Run the script below on the MikroTik router. The script is generated at https://mikrotik.dinhhuy258.dev/wireguard
# RouterOS script: set up the router as a WireGuard client of Cloudflare WARP
# and send IPv4 traffic through the tunnel via a dedicated routing table.
# "private-key" and "public-key" below are placeholders; presumably they are
# the PrivateKey and the peer PublicKey from the generated wgcf-profile.conf
# (confirm against your profile before running).

# Create the WireGuard interface.
# The private key is a secret: do not paste the filled-in script into shared
# notes or tickets, and treat configuration exports or backups that contain
# it as sensitive.
/interface wireguard
add name=warp-wireguard \
    private-key="private-key" \
    listen-port=13233 \
    mtu=1280

# Add the WARP endpoint as the only peer of the interface.
# allowed-address=0.0.0.0/0,::/0 permits any IPv4 and IPv6 destination inside
# the tunnel; which traffic is actually sent there is decided by the route and
# routing rule further down. preshared-key is left empty (no PSK configured).
/interface wireguard peers
add name=warp-peer \
    interface=warp-wireguard \
    public-key="public-key" \
    endpoint-address=engage.cloudflareclient.com \
    endpoint-port=2408 \
    allowed-address=0.0.0.0/0,::/0 \
    preshared-key=""

# Assign the tunnel-side IPv4 address to the interface.
# NOTE(review): presumably this must match the Address in wgcf-profile.conf;
# confirm. Only an IPv4 address is configured here.
/ip address
add interface=warp-wireguard address=172.16.0.2/32

# Create a separate routing table so the default route below is added next to,
# not in place of, the routes in the main table.
/routing table
add disabled=no fib name=warp-wireguard

# Add an IPv4 default route through the tunnel, in the warp-wireguard table only.
/ip route
add disabled=no \
    dst-address=0.0.0.0/0 \
    gateway=warp-wireguard \
    routing-table=warp-wireguard \
    suppress-hw-offload=no

# Masquerade everything that leaves through the tunnel interface, so forwarded
# client traffic is sourced from the tunnel address.
/ip firewall nat
add chain=srcnat \
    out-interface=warp-wireguard \
    action=masquerade \
    comment="Cloudflare WARP's Wireguard"

# Direct route lookups for every IPv4 destination to the warp-wireguard table.
# NOTE(review): the rule has no src-address or interface match, so it is not
# limited to particular clients. Consider restricting it to the LAN subnet(s)
# that should use WARP, and verify that the router's own packets to the WARP
# endpoint still leave through the normal uplink.
# NOTE(review): action=lookup falls back to the main table when the
# warp-wireguard table has no active matching route, so traffic can then leave
# outside the tunnel. If that is not acceptable, evaluate
# action=lookup-only-in-table together with a narrower match.
# NOTE(review): no IPv6 address, route or rule is created by this script, so
# IPv6 traffic is not steered into the tunnel; check for IPv6 bypassing WARP
# if the router has IPv6 connectivity.
/routing rule
add action=lookup dst-address=0.0.0.0/0 table=warp-wireguard