[WGCF] Connect CF WARP to add IPv4/IPv6 network to the server

Based On –> https://github.com/fscarmen/warp


Table of contents


Script Features

  • Support WARP+ account, with third-party brush WARP+ traffic and upgrade kernel BBR script
  • Ordinary user-friendly menu, advanced users can quickly build through suffix options
  • Intelligent judgment vps operating system: Ubuntu 16.04, 18.04, 20.04; Debian 9, 10, 11, CentOS 7, 8; Alpine and Arch Linux, please be sure to choose LTS system
    Intelligent judgment of hardware structure type: AMD, ARM and s390x
  • Combined with Linux version and virtualization method, three WireGuard solutions are automatically selected.
    Network performance: kernel integration WireGuard > install kernel module > BoringTun > wireguard-go
  • Intelligently judge the latest version of WGCF author’s github library (Latest release)
  • Intelligent analysis of intranet and public IP to generate WGCF configuration file
  • Output result, prompt whether to use WARP IP, IP attribution

WARP benefits

  • Unlock Netflix streaming
  • Avoid Google verification codes or use Google Scholar
  • Can call IPv4 interface, so that projects such as Qinglong and V2P can run normally
  • Since it can transfer data in both directions, it can be used as a springboard and probe for the other party’s VPS, replacing HE tunnelbroker
  • Enables nodes made on IPv6 only VPS to support Telegram
  • Nodes built with IPv6 can be used on PassWall and ShadowSocksR Plus+ which only support IPv4

warp run script

first run

wget -N https://raw.githubusercontent.com/fscarmen/warp/main/menu.sh && bash menu.sh [option] [lisence]

run again

warp [option] [lisence]
[option] Variable 1 Variable 2Specific action description
hhelp
4Original whatever state -> WARP IPv4
4 lisence nameAdd WARP+ Lisence and device name, such as bash menu.sh 4 N5670ljg-sS9jD334-6o6g4M9F Goodluck
6Original whatever state -> WARP IPv6
dOriginal no matter what state -> WARP dual stack
oWARP switch, the script actively judges the current state and automatically turns it on or off
uUninstall WARP
nWhen the network is disconnected, it is used to brush the WARP network (WARP bug)
bUpgrade the kernel, enable BBR and DD
aFree WARP Account Upgrade WARP+
a lisenceAdd WARP+ Lisence based on the above, such as bash menu.sh a N5670ljg-sS9jD334-6o6g4M9F
pBrush Warp+ Traffic
cInstall WARP Linux Client and enable Socks5 proxy mode
lInstall WARP Linux Client and enable WARP mode
c lisenceAdd WARP+ Lisence on the basis of the above, such as bash menu.sh c N5670ljg-sS9jD334-6o6g4M9F
rWARP Linux Client switch
vSynchronize scripts to latest version
iReplace WARP IP
eInstall iptables + dnsmasq + ipset streaming media solution
wInstall the WireProxy solution
yWireProxy switch
Other or empty valueMenu interface

Example: Want to add Warp dual stack for IPv4 Oracle, run it for the first time

wget -N https://raw.githubusercontent.com/fscarmen/warp/main/menu.sh && bash menu.sh d

Swipe Japanese Netflix to run

warp i jp

How to Unblock WARP IP by Flashing Netflix

You can also use another one-click script to unlock streaming media through WARP: [Brush WARP IP] - Born for WARP to unlock streaming media

Take Hong Kong hk as an example

  • crontab schedule task mode, streaming media unlock daemon
bash <(curl -sSL https://raw.githubusercontent.com/fscarmen/tools/main/warp_crontab.sh)
  • screen runs in multi-session mode, and the session task name is n
screen -USdm n warp i hk ##Create a session named n
screen -Udr n ##Enter session n to see the operation
## Press Ctrl+a and then press d to exit the n, return to the main interface
screen -ls ##View the list of session windows
screen -SX n quit ##Close meeting n and end the run
  • nohup & background operation mode, output the result to the log file
nohup warp i hk > logs 2>&1 & ##Put it into the background to run
jobs -l | grep warp ##See background tasks
cat logs ##View running log files
kill -9 $(jobs -l | grep warp | awk '{print $2}') ##End process
  • crobtab scheduled tasks
echo '@reboot root warp i hk' >>/etc/crobtab ##Add a new task to the scheduled task
sed -i '/warp i/d' /etc/crontab ##Delete scheduled tasks
kill -9 $(pgrep -f warp) ##kill the running process
  • In addition, the user still needs a certain processing ability when encountering problems. For example, if there is no network at the end, you can use the warp o switch to obtain it, so it is not written in the script.

  • If the unlocked IP has not been swiped for a long time, you can check whether CloudFlare is maintaining the route locally: https://www.cloudflarestatus.com

Netflix shunting method to WARP Client Proxy, WireProxy

Thanks to vpsxb admin for the original tutorial: Continue to unlock Netflix (7)-WARP socks5 client offload

Install the WARP Client first, assuming the default port 40000 is used And install mack-a eight-in-one script as an example. Edit /etc/v2ray-agent/xray/conf/10_ipv4_outbounds.json

{
    "outbounds": [
        {
            "protocol": "freedom"
        },
        {
            "tag": "media-unlock",
            "protocol": "socks",
            "settings": {
                "servers": [
                    {
                        "address": "127.0.0.1",
                        "port": 40000,
                        "users": []
                    }
                ]
            }
        }
    ],
    "routing": {
        "domainStrategy": "AsIs",
        "rules": [
            {
                "type": "field",
                "domain": [
                    "geosite:netflix",
                    "domain:ip.gs"
                ],
                "outboundTag": "media-unlock"
            }
        ]
    }
}

Netflix, Google’s method of offloading to Client WARP network interface

Thanks to teacher LUDAN for providing the network interface offloading configuration template, note: 172.16.0.2 is the IP of the CloudFlareWARP network interface

{
    "outbounds":[
        {
            "tag":"INTERNET_OUT",
            "protocol":"freedom",
            "settings":{
                "domainStrategy":"UseIP"
            }
        },
        {
            "tag":"CLI_OUT",
            "protocol":"freedom",
            "settings":{
                "domainStrategy":"UseIPv4"
            },
            "sendThrough":"172.16.0.2"
        }
    ],
    "routing":{
        "rules":[
            {
                "type":"field",
                "outboundTag":"CLI_OUT",
                "domain":[
                    "geosite:google",
                    "geosite:netflix",
                    "domain:ip.gs"
                ]
            },
            {
                "type":"field",
                "outboundTag":"INTERNET_OUT",
                "network":"udp,tcp"
            }
        ]
    },
    "dns":{
        "servers":[
            "1.1.1.1",
            "1.0.0.1"
        ]
    }
}

warp-go run script

first run

wget -N https://raw.githubusercontent.com/fscarmen/warp/main/warp-go.sh && bash warp-go.sh [option] [lisence]

run again

warp-go [option] [lisence]
[option] Variable 1 Variable 2Specific action description
hhelp
4Original whatever state -> WARP IPv4
4 lisence nameAdd WARP+ Lisence and device name, such as bash wire-go 4 N5670ljg-sS9jD334-6o6g4M9F Goodluck
6Original whatever state -> WARP IPv6
dOriginal no matter what state -> WARP dual stack
owarp-go switch, the script actively judges the current state and automatically turns it on or off
uuninstall warp-go
aFree WARP Account Upgrade WARP+
a lisence nameAdd WARP+ Lisence and device name based on the above, such as bash menu.sh a N5670ljg-sS9jD334-6o6g4M9F Goodluck
vSynchronize scripts to latest version
Other or empty valueMenu interface

WARP+ License and ID acquisition

Here is the official introduction to Argo 2.0 after using WARP and Team: Argo 2.0: Smart Routing Learns New Tricks

Quoting the original words of the great god Luminous: The actual test WARP+ has no difference from the free version in terms of accessing non-CF websites. Only when accessing the CloudFlare site, the paid version will go to the source site through a data center close to the target through Argo-like technology. The free version is limited to connecting to the origin, and that’s it.

WARP network interface data, temporary, permanent shutdown and startup

WireGuard network interface data, see wg

Temporarily disable and enable WARP (restart after reboot) warp o The official original instruction wg-quick down wgcf, resume startup wg-quick up wgcf

Disable startup systemctl disable --now wg-quick@wgcf, restore startup systemctl enable --now wg-quick@wgcf

WARP Teams how to get and use it in Linux

  • Thanks to TonyLCH for the information #26, because Team is unlimited, it saves you to brush WARP+ traffic. The general method is:

    1. Install the Android emulator and install the 1.1.1.1 apk on it to connect
    2. After connecting to teams, capture the package and replace the obtained information into the wgcf.conf configuration file

    Specific original article: Cloudflare for Teams Wireguard Config

  • Download Download:
    1、 Android Studio: MAC WIN
    2、 Android platform-tools: MAC WIN
    3、 1.1.1.1: Faster & Safer Internet V6.10: Android

WARP principle

WARP is a WireGuard-based network traffic security and acceleration service provided by CloudFlare, which enables you to achieve privacy protection and link optimization through edge nodes connected to CloudFlare.

Its connection entry is dual-stack (both IPv4/IPv6), and after connecting, it can obtain NAT-based IPv4 and IPv6 addresses provided by CF, so our single-stack server can try to connect to WARP to obtain additional network connectivity support . In this way, we can allow IPv6-only servers to access IPv4, and also allow IPv4-only servers to obtain IPv6 access capabilities.

  • Add IPv4 for IPv6-only servers

The principle is shown in the figure. All IPv4 traffic is taken over by the WARP network card, enabling IPv4 traffic to access the external network through WARP.

  • Add IPv6 for IPv4-only servers

The principle is shown in the figure. All IPv6 traffic is taken over by the WARP network card, enabling IPv6 traffic to access the external network through WARP.

  • Dual stack server replacement network

Sometimes our server itself is dual stack, but for various reasons, we may not want to use one of these networks. At this time, we can also take over part of the network connection through WARP to hide our IP address. As for the purpose of this, the greatest significance is to reduce the probability of verification codes appearing in some severely abused computer rooms; at the same time, some content providers treat the landing IP of WARP as the native IP of real users, which can lift some blockades based on IP identification.

  • In terms of network performance: kernel integration > kernel module > wireguard-go

Linux 5.6 and above have integrated WireGuard, you can use hostnamectl or uname -r to check the version.

Oracle is a KVM fully virtualized VPS host, and the official system chooses the “kernel module” solution without replacing the kernel due to its lower version. If the upgraded kernel is 5.6 and above, the “Kernel Integration” option will be automatically selected.

EUserv is an LXC non-complete virtualized VPS host that shares the host kernel and cannot replace the kernel. Only the “wireguard-go” solution can be selected.