1007 文字
5 分

Cloudflare WarpをUbuntuで実行【無料VPN】

概要#

  • Linux のホストで気軽に IPv4 のグローバルアドレスを変えたかったので Cloudflare の warp を使ってみました。
  • Ubuntu だと簡単に導入、接続できました。無料です。
  • Cloudflareのドキュメントではデスクトップ用(GUI)のアプリしか提供指定なさそうですが実際にはCLIによるプログラムが提供されます。

インストール#

こちらの手順通りで大丈夫でした。

GPG を登録

$ curl https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg

apt sourceを追加

$ echo "deb [arch=amd64 signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
$ sudo apt update
$ sudo apt install warp-cli

設定#

$ warp-cli register
$ warp-cli connect

Warpで接続できているかを検証するためのコマンドがこちらです。 warp=on になっていれば成功です。

% curl -s https://www.cloudflare.com/cdn-cgi/trace/|grep warp
warp=on

IPv4とIPv6のアドレスで外に出ていけます。すばらしいです。

$ curl -4 https://kakunin.teraren.com
104.28.211.105
$ curl -6 https://kakunin.teraren.com
2a09:bac1:3b20:10::16:xxxx

切断するときのコマンドはこちら。リモートで接続している場合は切断される場合があるのでご注意ください。

$ warp-cli disconnect

その他#

統計を出力する場合はこんな感じ。

$ warp-cli warp-stats
Endpoints: 0.0.0.0, 2606:4700:d0::a29f:xxxx
Time since last handshake: 43s
Sent: 305.1MB; Received: 84.5MB
Estimated latency: 12ms
Estimated loss: 0.00%;

回線のベンチマークもしてみます。遅い無料のOpen Proxyに比べれば十分です。

$ speedtest-cli
Retrieving speedtest.net configuration...
Testing from Cloudflare (104.28.211.105)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Alyans Telekom (Vladivostok) [9716.25 km]: 273.563 ms
Testing download speed................................................................................
Download: 9.12 Mbit/s
Testing upload speed......................................................................................................
Upload: 18.09 Mbit/s

ルートの設定も行えるオプションがあるので細かいトラフィックの制御も行えそうです。

matsu@dell:~$ warp-cli help
CLI to the WARP service daemon


Usage: warp-cli [OPTIONS] <COMMAND>


Commands:
  register                     Register with the WARP API, replacing any existing registration (Must be run before first connection!)
  teams-enroll                 Enroll with Cloudflare for Teams
  delete                       Delete current registration
  rotate-keys                  Generate a new key-pair, keeping the current registration
  status                       Ask the daemon to send the current status
  warp-stats                   Retrieve the stats for the current WARP connection
  warp-dns-stats               Retrieve the DNS stats for the current WARP connection
  settings                     Retrieve the current application settings
  connect                      Connect to WARP whenever possible [aliases: enable-always-on]
  disconnect                   Disconnect from WARP [aliases: disable-always-on]
  disable-wifi                 Automatically disable WARP on Wi-Fi networks (disabled for Zero Trust customers)
  enable-wifi                  Allow WARP on Wi-Fi networks (disabled for Zero Trust customers)
  disable-ethernet             Automatically disable WARP on ethernet networks (disabled for Zero Trust customers)
  enable-ethernet              Allow WARP on ethernet networks (disabled for Zero Trust customers)
  add-trusted-ssid             Add a trusted Wi-Fi network for which WARP will be automatically disconnected
  remove-trusted-ssid          Remove a trusted Wi-Fi network
  exclude-private-ips          Exclude private IP ranges from tunnel
  enable-dns-log               Enable DNS logging (Use with the -l option)
  disable-dns-log              Disable DNS logging
  account                      Display the account associated with the current registration
  devices                      Display the list of devices associated with the current registration
  network                      Display the current network information
  get-virtual-networks         List the available virtual networks
  set-virtual-network          Set the currently connected virtual network via the id from get-virtual-networks
  set-mode                     Set the mode
  set-families-mode            Set the families mode
  set-license                  Attach the current registration to a different account using a license key
  set-gateway                  Force the app to use the specified Gateway ID for DNS queries
  clear-gateway                Clear the Gateway ID
  set-custom-endpoint          Force the client to connect to the specified IP:PORT endpoint (Zero Trust customers must run this command as a privileged user)
  clear-custom-endpoint        Remove the custom endpoint setting
  add-excluded-route           Add an excluded IP
  remove-excluded-route        Remove an excluded IP
  get-excluded-routes          Get the list of excluded routes
  get-included-routes          Get the list of included routes
  get-excluded-hosts           Get the list of excluded hosts
  get-included-hosts           Get the list of included hosts
  add-excluded-host            Add an excluded host
  remove-excluded-host         Remove an excluded host
  add-fallback-domain          Add a domain that should be resolved with the fallback resolver instead of WARP's
  remove-fallback-domain       Stop a domain from being resolved with the fallback resolver
  get-fallback-domains         Get the list of domains that go to the fallback resolver
  restore-fallback-domains     Restore the list of fallback resolver domains to its default value
  get-device-posture           Get the current device posture
  override                     Temporarily override MDM policies that require the client to stay enabled
  set-proxy-port               Set the listening port for WARP proxy (127.0.0.1:{port})
  is-mode-switch-allowed       Outputs true if Teams users should be able to change connection mode, or false if not
  reset-settings               Restore settings to default
  get-organization             Get the name of the Teams organization currently in settings
  access-reauth                Force refresh authentication with Cloudflare Access
  get-support-url              Get the support url for the current Teams organization
  get-pause-end                Retrieve the pause end time
  get-override-end             Retrieve the admin override end time
  disable-connectivity-checks  Disable the runtime connectivity checks
  enable-connectivity-checks   Enable the runtime connectivity checks
  dump-excluded-routes         Get split tunnel routing dump. For include-only mode, this shows routes NOT included
  get-alternate-network        Get the name of the currently detected alternate network, if any
  get-dex-data                 Get the most recently uploaded DEX data. Returns the most recent test for each dex metric
  help                         Print this message or the help of the given subcommand(s)


Options:
  -l, --listen      Listen for status changes and DNS logs (if enabled)
      --accept-tos  Accept the Terms of Service agreement
  -v, --verbose...  Enable verbose output. Multiple "v"s adds more verbosity
  -h, --help        Print help
  -V, --version     Print version

まとめ#

  • Cloudflare の warp を使えば無料で簡単に VPN 経由でインターネットに接続できます。
Cloudflare WarpをUbuntuで実行【無料VPN】
https://blog.teraren.com/posts/cloudflare-ubuntu-vpn/
作者
Yuki Matsukura
公開日
2023-06-07
ライセンス
CC BY-NC-SA 4.0
Ubuntu live patchを導入してみた
CloudWatchのlog insightでjsonデータに対してのフィルタ例

関連記事

実家のネットワークインフラを整備 | 3階建RC造にWiFi AP3台配置
実家のネットワークインフラを整備 | 3階建RC造にWiFi AP3台配置
2026-01-09Network & Infrastructure
QNAP NASにTailscaleをインストールして外出先からアクセスできるようにする
QNAP NASにTailscaleをインストールして外出先からアクセスできるようにする
2025-12-19Network & Infrastructure
DELL POWEREDGE T320資料写真
DELL POWEREDGE T320資料写真
2025-06-26Network & Infrastructure
この記事が役に立ったら
GitHub Sponsorsで応援できます

コメント