Setting Up Cloudflare WARP on Proxmox LXC: A Complete Guide
Cloudflare WARP provides a secure, encrypted connection between your server and Cloudflare’s network, improving security and reducing latency. However, setting it up in a Proxmox LXC container isn’t straightforward due to containerized networking limitations.
By default, Cloudflare WARP won’t work in an LXC environment, but with a few modifications, you can get it running smoothly. Let’s go step by step.
Prerequisites
- A Proxmox server (configured with LXC support).
- An Ubuntu/Debian-based LXC container (privileged or unprivileged).
- Root access to Proxmox and the container.
Step 1: Create an LXC Container
- Log in to Proxmox and create an Ubuntu/Debian LXC container. You can use the Proxmox Helper script.
- Ensure the container is either privileged or properly configured for networking.
- Set up a static IP for the container if needed.
Step 2: Fix Networking Issues in LXC
By default, Cloudflare WARP fails in LXC due to missing permissions for fuse, dev/tun, and sysctl. To fix this:
Modify LXC Container Config
Run the following on the Proxmox host:
nano /etc/pve/lxc/<container_id>.conf
Add these lines at the end:
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
Save and exit (Ctrl+X, then Y and Enter).
Restart the Container
pct stop <container_id>
pct start <container_id>
Now, networking capabilities should work inside the container.
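To confirm that the Step 2 lines landed in the active part of the config and that no broader device rule is in place, this added example (not part of the original guide) audits the file on the Proxmox host. The function name audit_lxc_tun and the blanket-rule check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an LXC config for the
# TUN passthrough lines from Step 2. Run on the Proxmox host:
#   audit_lxc_tun /etc/pve/lxc/<container_id>.conf

# Prints one finding per line. Returns 0 only when both required lines are
# present and no blanket device rule exists; 2 if the file is unreadable.
audit_lxc_tun() {
    conf="$1"
    rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # Only the main section applies to the running container: stop at the
    # first [snapshot] header and drop comment lines.
    main=$(sed '/^\[/q' "$conf" | grep -v '^[[:space:]]*#' || true)

    has() { printf '%s\n' "$main" | grep -Eq "$1"; }

    # Character device 10:200 is /dev/net/tun.
    if has '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c[[:space:]]+10:200[[:space:]]+rwm[[:space:]]*$'; then
        echo "OK: TUN device (c 10:200) allowed"
    else
        echo "MISSING: lxc.cgroup2.devices.allow: c 10:200 rwm"; rc=1
    fi

    if has '^lxc\.mount\.entry:[[:space:]]*/dev/net[[:space:]]+dev/net[[:space:]]+none[[:space:]]+bind,create=dir[[:space:]]*$'; then
        echo "OK: /dev/net bind mount present"
    else
        echo "MISSING: lxc.mount.entry: /dev/net dev/net none bind,create=dir"; rc=1
    fi

    # Least privilege: a blanket rule ('a' or '*:*') permits all devices,
    # not just TUN, which is more than WARP needs.
    if has '^lxc\.cgroup2?\.devices\.allow:[[:space:]]*(a|[abc][[:space:]]+\*:\*)([[:space:]]|$)'; then
        echo "TOO BROAD: blanket devices.allow rule; keep only c 10:200"; rc=1
    fi
    return "$rc"
}
```

A non-zero result for a config that looks correct usually means the lines were pasted below a snapshot header, where they do not affect the running container.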
Step 3: Install Cloudflare WARP
Log into the LXC container and run:
# Install gpg, curl and lsb-release if not already installed
sudo apt-get update && sudo apt-get install curl gpg gnupg2 lsb-release -y
# Add the Cloudflare GPG key
curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
# Add this repo to your apt repositories
echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
# Install
sudo apt-get update && sudo apt-get install cloudflare-warp -y
After installation, check that the WARP client is installed:
warp-cli --version
Step 4: Register and Connect WARP
Authenticate with Cloudflare:
warp-cli register
Connect to WARP:
warp-cli connect
Check Connection Status:
warp-cli status
warp-cli tunnel stats
You should see Connected.
Step 5: Verify Connectivity
Test if your public IP matches Cloudflare’s network:
curl ifconfig.me -4
curl ifconfig.me -6
You should see a Cloudflare IP instead of your ISP’s.
You may need to change the tunnel mode to WARP+DoH if you would like to use a Cloudflare IP.
warp-cli mode warp+doh
For further debugging:
warp-cli diagnostics
Conclusion
You’ve successfully set up Cloudflare WARP on a Proxmox LXC container! This setup ensures your container benefits from WARP’s encryption, security, and improved routing.