This example provides a simple configuration for a Debian client to have a Cloudflare tunnel while not installing the official Cloudflare WARP client. Note: Tunnel transport outbound to engage.cloudlflare.com
on udp/2408
is default, with a dynamic listening udp port and a fwmark for packet matching by wireguard. Any applicable firewall rules may need to be adjusted.
- Top-level GitHub project to convert cloudflare endpoint to generic wireguard configuration file: https://github.com/ViRb3/wgcf
sudo apt install openresolv wireguard-tools golang git
git clone https://github.com/ViRb3/wgcf.git