Tips and best practices
When setting up WARP Connector on a virtual private cloud (VPC), you may need to configure additional settings in the cloud service provider.
For Google Cloud Project (GCP) deployments, enable IP forwarding ↗ on the VM instance where you installed WARP Connector.
For Amazon Web Services (AWS) deployments:
-
Stop source/destination checking ↗ on the EC2 instance where you installed WARP Connector.
-
In your subnet route table ↗, route all IPv4 traffic to the EC2 instance where you installed WARP Connector. For example:
Destination Target 0.0.0.0/0eni-11223344556677889
WARP Connector and cloudflared can run together on the same Linux host. This configuration is useful when you want to use WARP Connector as a gateway for your private network, while also using the cloudflared daemon to expose specific applications.
By design, WARP Connector captures all outbound traffic and routes it through Cloudflare's network. This prevents cloudflared from making its own required outbound connections to Cloudflare, causing the tunnel to fail with connection timeouts.
To allow cloudflared to connect, use Split Tunnels to explicitly exclude the Cloudflare Tunnel destinations from the WARP tunnel. For example, if you are using Split Tunnels in Exclude mode, add the following hostnames (or their corresponding IP ranges) to your Split Tunnel exclusion list:
region1.v2.argotunnel.comregion2.v2.argotunnel.com
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark