[WGCF] Connect CF WARP to add IPv4/IPv6 network to the server
Based On –> https://github.com/fscarmen/warp
Table of contents
- Script Features
- WARP benefits
- warp run script
- warp-go run script
- How to brush Netflix to unlock WARP IP
- How to offload Netflix to WARP Client Proxy, WireProxy
- Netflix,Google offload method to Client WARP network interface
- WARP+ License and ID acquisition
- WARP network interface data, temporary, permanent shutdown and opening
- WARP Teams how to get and use it in Linux
- WARP principle
Script Features
- Support WARP+ account, with third-party brush WARP+ traffic and upgrade kernel BBR script
- Ordinary user-friendly menu, advanced users can quickly build through suffix options
- Intelligent judgment vps operating system: Ubuntu 16.04, 18.04, 20.04; Debian 9, 10, 11, CentOS 7, 8; Alpine and Arch Linux, please be sure to choose LTS system
Intelligent judgment of hardware structure type: AMD, ARM and s390x - Combined with Linux version and virtualization method, three WireGuard solutions are automatically selected.
Network performance: kernel integration WireGuard > install kernel module > BoringTun > wireguard-go - Intelligently judge the latest version of WGCF author’s github library (Latest release)
- Intelligent analysis of intranet and public IP to generate WGCF configuration file
- Output result, prompt whether to use WARP IP, IP attribution
WARP benefits
- Unlock Netflix streaming
- Avoid Google verification codes or use Google Scholar
- Can call IPv4 interface, so that projects such as Qinglong and V2P can run normally
- Since it can transfer data in both directions, it can be used as a springboard and probe for the other party’s VPS, replacing HE tunnelbroker
- Enables nodes made on IPv6 only VPS to support Telegram
- Nodes built with IPv6 can be used on PassWall and ShadowSocksR Plus+ which only support IPv4
warp run script
first run
wget -N https://raw.githubusercontent.com/fscarmen/warp/main/menu.sh && bash menu.sh [option] [lisence]
run again
warp [option] [lisence]
[option] Variable 1 Variable 2 | Specific action description |
---|---|
h | help |
4 | Original whatever state -> WARP IPv4 |
4 lisence name | Add WARP+ Lisence and device name, such as bash menu.sh 4 N5670ljg-sS9jD334-6o6g4M9F Goodluck |
6 | Original whatever state -> WARP IPv6 |
d | Original no matter what state -> WARP dual stack |
o | WARP switch, the script actively judges the current state and automatically turns it on or off |
u | Uninstall WARP |
n | When the network is disconnected, it is used to brush the WARP network (WARP bug) |
b | Upgrade the kernel, enable BBR and DD |
a | Free WARP Account Upgrade WARP+ |
a lisence | Add WARP+ Lisence based on the above, such as bash menu.sh a N5670ljg-sS9jD334-6o6g4M9F |
p | Brush Warp+ Traffic |
c | Install WARP Linux Client and enable Socks5 proxy mode |
l | Install WARP Linux Client and enable WARP mode |
c lisence | Add WARP+ Lisence on the basis of the above, such as bash menu.sh c N5670ljg-sS9jD334-6o6g4M9F |
r | WARP Linux Client switch |
v | Synchronize scripts to latest version |
i | Replace WARP IP |
e | Install iptables + dnsmasq + ipset streaming media solution |
w | Install the WireProxy solution |
y | WireProxy switch |
Other or empty value | Menu interface |
Example: Want to add Warp dual stack for IPv4 Oracle, run it for the first time
wget -N https://raw.githubusercontent.com/fscarmen/warp/main/menu.sh && bash menu.sh d
Swipe Japanese Netflix to run
warp i jp
How to Unblock WARP IP by Flashing Netflix
You can also use another one-click script to unlock streaming media through WARP: [Brush WARP IP] - Born for WARP to unlock streaming media
Take Hong Kong hk as an example
- crontab schedule task mode, streaming media unlock daemon
bash <(curl -sSL https://raw.githubusercontent.com/fscarmen/tools/main/warp_crontab.sh)
- screen runs in multi-session mode, and the session task name is n
screen -USdm n warp i hk ##Create a session named n
screen -Udr n ##Enter session n to see the operation
## Press Ctrl+a and then press d to exit the n, return to the main interface
screen -ls ##View the list of session windows
screen -SX n quit ##Close meeting n and end the run
- nohup & background operation mode, output the result to the log file
nohup warp i hk > logs 2>&1 & ##Put it into the background to run
jobs -l | grep warp ##See background tasks
cat logs ##View running log files
kill -9 $(jobs -l | grep warp | awk '{print $2}') ##End process
- crobtab scheduled tasks
echo '@reboot root warp i hk' >>/etc/crobtab ##Add a new task to the scheduled task
sed -i '/warp i/d' /etc/crontab ##Delete scheduled tasks
kill -9 $(pgrep -f warp) ##kill the running process
In addition, the user still needs a certain processing ability when encountering problems. For example, if there is no network at the end, you can use the
warp o
switch to obtain it, so it is not written in the script.If the unlocked IP has not been swiped for a long time, you can check whether CloudFlare is maintaining the route locally: https://www.cloudflarestatus.com
Netflix shunting method to WARP Client Proxy, WireProxy
Thanks to vpsxb admin for the original tutorial: Continue to unlock Netflix (7)-WARP socks5 client offload
Install the WARP Client first, assuming the default port 40000 is used
And install mack-a eight-in-one script as an example. Edit /etc/v2ray-agent/xray/conf/10_ipv4_outbounds.json
{
"outbounds": [
{
"protocol": "freedom"
},
{
"tag": "media-unlock",
"protocol": "socks",
"settings": {
"servers": [
{
"address": "127.0.0.1",
"port": 40000,
"users": []
}
]
}
}
],
"routing": {
"domainStrategy": "AsIs",
"rules": [
{
"type": "field",
"domain": [
"geosite:netflix",
"domain:ip.gs"
],
"outboundTag": "media-unlock"
}
]
}
}
Netflix, Google’s method of offloading to Client WARP network interface
Thanks to teacher LUDAN for providing the network interface offloading configuration template, note: 172.16.0.2 is the IP of the CloudFlareWARP network interface
{
"outbounds":[
{
"tag":"INTERNET_OUT",
"protocol":"freedom",
"settings":{
"domainStrategy":"UseIP"
}
},
{
"tag":"CLI_OUT",
"protocol":"freedom",
"settings":{
"domainStrategy":"UseIPv4"
},
"sendThrough":"172.16.0.2"
}
],
"routing":{
"rules":[
{
"type":"field",
"outboundTag":"CLI_OUT",
"domain":[
"geosite:google",
"geosite:netflix",
"domain:ip.gs"
]
},
{
"type":"field",
"outboundTag":"INTERNET_OUT",
"network":"udp,tcp"
}
]
},
"dns":{
"servers":[
"1.1.1.1",
"1.0.0.1"
]
}
}
warp-go run script
first run
wget -N https://raw.githubusercontent.com/fscarmen/warp/main/warp-go.sh && bash warp-go.sh [option] [lisence]
run again
warp-go [option] [lisence]
[option] Variable 1 Variable 2 | Specific action description |
---|---|
h | help |
4 | Original whatever state -> WARP IPv4 |
4 lisence name | Add WARP+ Lisence and device name, such as bash wire-go 4 N5670ljg-sS9jD334-6o6g4M9F Goodluck |
6 | Original whatever state -> WARP IPv6 |
d | Original no matter what state -> WARP dual stack |
o | warp-go switch, the script actively judges the current state and automatically turns it on or off |
u | uninstall warp-go |
a | Free WARP Account Upgrade WARP+ |
a lisence name | Add WARP+ Lisence and device name based on the above, such as bash menu.sh a N5670ljg-sS9jD334-6o6g4M9F Goodluck |
v | Synchronize scripts to latest version |
Other or empty value | Menu interface |
WARP+ License and ID acquisition
Here is the official introduction to Argo 2.0 after using WARP and Team: Argo 2.0: Smart Routing Learns New Tricks
Quoting the original words of the great god Luminous: The actual test WARP+ has no difference from the free version in terms of accessing non-CF websites. Only when accessing the CloudFlare site, the paid version will go to the source site through a data center close to the target through Argo-like technology. The free version is limited to connecting to the origin, and that’s it.
WARP network interface data, temporary, permanent shutdown and startup
WireGuard network interface data, see wg
Temporarily disable and enable WARP (restart after reboot) warp o
The official original instruction wg-quick down wgcf
, resume startup wg-quick up wgcf
Disable startup systemctl disable --now wg-quick@wgcf
, restore startup systemctl enable --now wg-quick@wgcf
WARP Teams how to get and use it in Linux
Thanks to TonyLCH for the information #26, because Team is unlimited, it saves you to brush WARP+ traffic. The general method is:
- Install the Android emulator and install the 1.1.1.1 apk on it to connect
- After connecting to teams, capture the package and replace the obtained information into the wgcf.conf configuration file
Specific original article: Cloudflare for Teams Wireguard Config
Download Download:
1、 Android Studio: MAC WIN
2、 Android platform-tools: MAC WIN
3、 1.1.1.1: Faster & Safer Internet V6.10: Android
WARP principle
WARP is a WireGuard-based network traffic security and acceleration service provided by CloudFlare, which enables you to achieve privacy protection and link optimization through edge nodes connected to CloudFlare.
Its connection entry is dual-stack (both IPv4/IPv6), and after connecting, it can obtain NAT-based IPv4 and IPv6 addresses provided by CF, so our single-stack server can try to connect to WARP to obtain additional network connectivity support . In this way, we can allow IPv6-only servers to access IPv4, and also allow IPv4-only servers to obtain IPv6 access capabilities.
- Add IPv4 for IPv6-only servers
The principle is shown in the figure. All IPv4 traffic is taken over by the WARP network card, enabling IPv4 traffic to access the external network through WARP.
- Add IPv6 for IPv4-only servers
The principle is shown in the figure. All IPv6 traffic is taken over by the WARP network card, enabling IPv6 traffic to access the external network through WARP.
- Dual stack server replacement network
Sometimes our server itself is dual stack, but for various reasons, we may not want to use one of these networks. At this time, we can also take over part of the network connection through WARP to hide our IP address. As for the purpose of this, the greatest significance is to reduce the probability of verification codes appearing in some severely abused computer rooms; at the same time, some content providers treat the landing IP of WARP as the native IP of real users, which can lift some blockades based on IP identification.
- In terms of network performance: kernel integration > kernel module > wireguard-go
Linux 5.6 and above have integrated WireGuard, you can use hostnamectl
or uname -r
to check the version.
Oracle is a KVM fully virtualized VPS host, and the official system chooses the “kernel module” solution without replacing the kernel due to its lower version. If the upgraded kernel is 5.6 and above, the “Kernel Integration” option will be automatically selected.
EUserv is an LXC non-complete virtualized VPS host that shares the host kernel and cannot replace the kernel. Only the “wireguard-go” solution can be selected.