#!/usr/bin/env python3 | |
import subprocess | |
import json | |
import os | |
from pathlib import Path | |
import requests | |
from requests.compat import urljoin | |
class CloudflareWarp(): | |
API_URL = "https://api.cloudflareclient.com/v0a774/" | |
_session = None | |
def __init__(self, account, token): | |
self.id = account | |
self.token = token | |
def __repr__(self): | |
return f"CloudflareWarp({self.id}, {self.token})" | |
def _getsession(self): | |
if self._session is None: | |
self._session = requests.session() | |
self._session.headers.update( | |
Authorization=f"Bearer {self.token}", | |
) | |
return self._session | |
def getregurl(self): | |
return urljoin(self.API_URL, f"reg/{self.id}") | |
def getregstate(self): | |
s = self._getsession() | |
self.state = s.get(self.getregurl()).json() | |
return self.state | |
def patchreg(self, data): | |
s = self._getsession() | |
self.state = s.patch(self.getregurl(), json=data).json() | |
return self.state | |
def submit_key(self, key): | |
return self.patchreg({"key": key}) | |
def deregister(self): | |
s = self._getsession() | |
s.delete(self.getregurl()) | |
@classmethod | |
def register(cls, creds_path=None): | |
url = urljoin(cls.API_URL, "reg") | |
r = requests.post(url).json() | |
print('Registered as', r['id'], 'with auth token', r['token']) | |
if creds_path: | |
with open(creds_path, "w") as outf: | |
json.dump(r, outf) | |
return cls(r['id'], r['token']) | |
@classmethod | |
def from_json(cls, path): | |
with open(path) as inf: | |
r = json.load(inf) | |
return cls(r['id'], r['token']) | |
def wg_keypair(): | |
p = subprocess.run( | |
["wg", "genkey"], | |
stdout=subprocess.PIPE, | |
encoding="ascii", | |
) | |
private = p.stdout.strip() | |
p = subprocess.run( | |
["wg", "pubkey"], | |
stdout=subprocess.PIPE, | |
encoding="ascii", | |
input=private, | |
) | |
return (private, p.stdout.strip()) | |
def wg_quick_conffile(privkey, cfconfig): | |
return f"""[Interface] | |
PrivateKey = {privkey} | |
Address = {cfconfig['interface']['addresses']['v4']} | |
Address = {cfconfig['interface']['addresses']['v6']} | |
DNS = 1.1.1.1 | |
MTU = 1400 | |
# This fixes up IPv6 depreference due to the use of unique local addressing | |
Address = 2001:db8{cfconfig['interface']['addresses']['v6'][9:]} | |
PostUp = ip6tables -t nat -I POSTROUTING 1 -o %i -j SNAT --to-source {cfconfig['interface']['addresses']['v6']} | |
PreDown = ip6tables -t nat -D POSTROUTING 1 | |
[Peer] | |
PublicKey = {cfconfig['peers'][0]['public_key']} | |
Endpoint = {cfconfig['peers'][0]['endpoint']['host']} | |
#Endpoint = {cfconfig['peers'][0]['endpoint']['v4']} | |
#Endpoint = {cfconfig['peers'][0]['endpoint']['v6']} | |
AllowedIPs = 0.0.0.0/0 | |
AllowedIPs = ::/0 | |
""" | |
def main(): | |
cfgpath = Path("~/.wgcf/").expanduser() | |
credfile = cfgpath / "creds.json" | |
wgfile = cfgpath / "wgcf.conf" | |
os.makedirs(cfgpath, exist_ok=True) | |
try: | |
cf = CloudflareWarp.from_json(credfile) | |
except (FileNotFoundError, json.decoder.JSONDecodeError): | |
cf = CloudflareWarp.register(credfile) | |
priv, pub = wg_keypair() | |
c = cf.submit_key(pub)["config"] | |
with open(wgfile, "w") as outf: | |
outf.write(wg_quick_conffile(priv, c)) | |
print("To connect, run as root:") | |
print("# wg-quick up", wgfile) | |
if __name__ == '__main__': | |
main() |
#!/usr/bin/env bash | |
set -euo pipefail | |
shopt -s inherit_errexit 2>/dev/null || true | |
# this script will generate wg-quick(8) config file | |
# in order to connect to Cloudflare Warp using Wireguard on Linux | |
# note: this is *absolutely not* an official client from Cloudflare | |
# Copyright (C) 2019 Ondrej Caletka | |
# based heavily on macOS client by Jay Freeman (saurik) | |
# Original source: https://cache.saurik.com/twitter/wgcf.sh | |
# Zero Clause BSD license {{{ | |
# | |
# Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted. | |
# | |
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
# }}} | |
if ! which jq >/dev/null || ! which wg >/dev/null; then | |
echo "Please install jq and wireguard-tools" | |
exit 0 | |
fi | |
mkdir -p ~/.wgcf | |
chmod 700 ~/.wgcf | |
prv=~/.wgcf/private.key | |
usr=~/.wgcf/identity.cfg | |
cnf=~/.wgcf/wgcf.conf | |
pub=$({ cat "${prv}" 2>/dev/null || wg genkey | tee "${prv}"; } | wg pubkey) | |
test -n "${pub}" | |
api=https://api.cloudflareclient.com/v0i1909051800 | |
ins() { vrb=$1; shift; curl -s -H 'user-agent:' -H 'content-type: application/json' -X "${vrb}" "${api}/$@"; } | |
sec() { ins "$@" -H 'authorization: Bearer '"${reg[1]}"''; } | |
cfgjson=$(if [[ -e "${usr}" ]]; then | |
reg=($(cat "${usr}")) | |
test "${#reg[@]}" -eq 2 | |
sec GET "reg/${reg[0]}" | |
else | |
reg=($(ins POST "reg" -d '{"install_id":"","tos":"'"$(date -u +%FT%T.000Z)"'","key":"'"${pub}"'","fcm_token":"","type":"ios","locale":"en_US"}' | | |
jq -r '.result|.id+" "+.token')) | |
test "${#reg[@]}" -eq 2 | |
echo "${reg[@]}" >"${usr}" | |
sec PATCH "reg/${reg[0]}" -d '{"warp_enabled":true}' | |
fi) | |
# echo $cfgjson | |
cfg=($(echo $cfgjson| jq -r '.result.config|(.peers[0]|.public_key+" "+.endpoint.host)+" "+(.interface.addresses|.v4+" "+.v6)')) | |
test "${#cfg[@]}" -eq 4 | |
cat >"$cnf" <<EOF | |
[Interface] | |
PrivateKey = $(cat "${prv}") | |
DNS = 1.1.1.1 | |
Address = ${cfg[2]} | |
Address = ${cfg[3]} | |
MTU = 1400 | |
# This fixes up IPv6 depreference due to the use of unique local addressing | |
Address = ${cfg[3]/#fd01:5ca1:/2001:db8:} | |
PostUp = ip6tables -t nat -I POSTROUTING 1 -o %i -j SNAT --to-source ${cfg[3]} | |
PreDown = ip6tables -t nat -D POSTROUTING 1 | |
[Peer] | |
PublicKey = ${cfg[0]} | |
AllowedIPs = 0.0.0.0/0 | |
AllowedIPs = ::/0 | |
Endpoint = ${cfg[1]} | |
EOF | |
echo "To connect, run as root:" | |
echo "# wg-quick up ${cnf}" | |
echo "" | |
echo "To disconnect, run as root:" | |
echo "# wg-quick down ${cnf}" |
This comment has been minimized.
This comment has been minimized.
It's not working for me. I'm connecting to the cloudflare network, but next I don't have access to the Internet. |
This comment has been minimized.
This comment has been minimized.
From my experience, it does not work from time to time. Disconnecting and reconnecting usually fixes the problem for me. I guess this has something to do with the slight diversion of the Wireguard protocol used in Cloudflare's implementation. |
This comment has been minimized.
This comment has been minimized.
@luv2dnce33 this does not look like Linux. Your issue is very probably caused by missing IPv6 NAT rule from the fake IPv6 address
|
This comment has been minimized.
This comment has been minimized.
Another reason could be a MTU issue (TLS handshake is usually big). Try lowering MTU of the tunnel interface. |
This comment has been minimized.
This comment has been minimized.
I have no idea, sorry. |
This comment has been minimized.
This comment has been minimized.
@oskar456 wgcf.sh also not works for me.
on mobile phone warp is works with same internet provider as on desktop |
This comment has been minimized.
This comment has been minimized.
Hi. Both the python and bash script don't work for me anymore. I guess Cloudflare changed something on their end. |
This comment has been minimized.
This comment has been minimized.
Indeed, the registration yields 403 error from Cloudflare. I don't know how to fix this. |
This comment has been minimized.
This comment has been minimized.
error code 1020 +1 |
This comment has been minimized.
This comment has been minimized.
This script still works: https://github.com/ViRb3/cloudflare-warp-wireguard-client/blob/master/wgcf.py |
This comment has been minimized.
This comment has been minimized.
I'm pretty sure the problems are caused by missing components of JSON body sent to I don't have time right now to experiment with that. Feel free to experiment yourself or use some other implementations. This one looks pretty easy to use:
|
This comment has been minimized.
This comment has been minimized.
|
This comment has been minimized.
how to copy gererated file to storage/shared?