Support Teams/Zero Trust #56
Comments
|
Not in the foreseeable future, but I am happy to take PRs. |
|
I also need and are willing to provide a team account for testing. |
|
I could also spend weekend cycles on this |
|
Cloudflare teams for linux has been released. https://blog.cloudflare.com/announcing-warp-for-linux-and-proxy-mode/ |
|
@sitepodmatt It'd still be nice if we could use native WireGuard with Cloudflare for Teams. |
|
Agreed but I'm happy at least now there is official linux support - that can also run headless too |
|
@sitepodmatt only amd64 binaries published for now.. |
|
Reverse engineered API using Frida and Android App. Teams login utilizes JWT token obtained from .cloudflareaccess.com/warp to fetch Bearer token. After that, the flow is same as normal one. The problem is, I am very new to Go, so I need someone's help to implement teams login. (sorry for bad English, I stay up whole night to make mitmproxy and frida hook working and my brain is not working properly now) |
|
To implement this, I need some help. The Teams API returns different scheme when I supplied Cf-Access-Jwt-Assertion header to /{ApiVersion}/reg, compared to normal registration process. @ViRb3 Can you instruct me how I can support this kind of behavior using current test-suite based API doc generation? Also, when I try to generate API using the script, my result completely breaks API compatibility between current version. How can I fix this? (version info: useoptic/cli/10.3.0, opanapi-generator-cli 5.2.1) |
|
Would be very helpful if cloudflare for teams is supported. As in India, Jio is blocking Warp ports, so warp (even warp +) does not work. Only way to bypass Jio block is to use warp for teams. |
|
@AD2011 sorry for being a bit out of context but how does Teams help circumventing ISP blocking in India? As far as I know they are blocking the UDP ports for the Wireguard protocol. Correct me if I am wrong. |
|
Yeah you are correct. According to this post: https://broadbandforum.co/threads/reliance-jio-is-blocking-cloudflare-warp-nextdns.212012/ Jio is blocking warp ports: 2408,1701,500,4500 for Warp Ingress IP Range: 162.159.193.0/24 |
|
Can someone provide more details on the current registration flow for zero trust accounts? I guess we'll need a sso auth flow like the official warp-cli. |
|
@nwpr |
|
@karuboniru when did you check this? According to the Cloudflare Zero Trust docs, the orchestration API endpoint should be located at zero-trust-client.cloudflareclient.com. The endpoint could have changed since you've looked into that, or there is some other magic going on here. I've seen both endpoints appear in warp client logs - maybe depending on which type of account is used? Or it's just a fallback if the primary endpoint is not working. |
Ah, my mistake, I pasted wrong piece of my notes. You are right. But it seems that |
|
I've just dived into the Zero Trust/Access documentation. In theory it should be possible to use cloudflared for acquiring a service token instead of grabbing the jwt from somewhere. @karuboniru: Could you try the registration again using the If this works, the implementation may be very easy. |
|
I did some packet sniffing on an iPad and was able to make a simple POC (repo here). Currently it can complete the first request that uses the token you get from https://*.cloudflareaccess.com/warp to get the bearer token among other credentials, but I think more requests is needed to complete the registration cause the profile it generates doesn't work. I'll dig deeper into wgcf to figure out how to complete the registration. |
Only the single request to /reg is required. After that the public key is registered and the connection should establish. Tested it and works for me. |
Huh. Did you try my tool? If not then it might be bugged. |
|
Ok I figured out why It failed to register. Turns out the "key" field is for public keys, not private keys. |
|
I don't know but I found this maybe it helps |
I've tried: and indeed it shows: but unfortunatelly after I click "Approve" it displays: in the console |
I tried this mehod, but could not find the Client Private Key in the com.cloudflare.onedotonedotonedotone_preferences.xml file. |
|
@cpedia Didn't find the private key, too. |
|
This works... https://github.com/rany2/warp.sh |
|
@milindpatel63 Script is awesome, works perfectly to create a new profile. However not sure what to do with the wgcf-account.toml. What did you do to get it working? |
No need to use this tool for generating wireguard config. |
Is there any plans to support Teams? (i.e. Warp for business)
The text was updated successfully, but these errors were encountered: