CloudFlare CFWARP wgcf 手动开启和原理解析

Summary

• https://github.com/P3TERX/warp.sh

步骤

# 安装wgcf Cloud­flare WARP 的非官方 CLI 工具，它可以模拟 WARP 客户端注册账号，并生成通用的 Wire­Guard 配置文件
curl -fsSL git.io/wgcf.sh | sudo bash
# 注册 WARP 账户 (将生成 wgcf-account.toml 文件保存账户信息)
wgcf register 
# 生成 Wire­Guard 配置文件 (wgcf-profile.conf)
wgcf generate
# 生成的两个文件记得备份好，尤其是 wgcf-profile.conf - 下次可以重用

nslookup engage.cloudflareclient.com

# IPv4 Only 服务器添加 WARP IPv6 网络支持(允许所有IPv6的流量通过IPv4的Endpoint转出去)
vi wgcf-profile.conf
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = ::/0
Endpoint = 162.159.192.1:2408

DNS = 8.8.8.8,8.8.4.4,2001:4860:4860::8888,2001:4860:4860::8844



# IPv6 Only 服务器添加 WARP IPv4 网络支持(允许所有IPv4的流量通过IPv6的Endpoint转出去)
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
Endpoint = [2606:4700:d0::a29f:c001]:2408

DNS = 2001:4860:4860::8888,2001:4860:4860::8844,8.8.8.8,8.8.4.4



# 双栈 WARP 全局网络置换
[Interface]
...
PostUp = ip -4 rule add from <替换IPv4地址> lookup main
PostDown = ip -4 rule delete from <替换IPv4地址> lookup main
PostUp = ip -6 rule add from <替换IPv6地址> lookup main
PostDown = ip -6 rule delete from <替换IPv6地址> lookup main
[Peer]
...

启用 WireGuard 网络接口

sudo cp wgcf-profile.conf /etc/wireguard/wgcf.conf
# 开启
sudo wg-quick up wgcf

ip a
# IPv4 Only VPS
curl -6 ip.p3terx.com
# IPv6 Only VPS
curl -4 ip.p3terx.com

# 关闭相关接口
sudo wg-quick down wgcf


# 正式启用 Wire­Guard 网络接口
# 启用守护进程
sudo systemctl start wg-quick@wgcf
# 设置开机启动
sudo systemctl enable wg-quick@wgcf