Secure Browsing with Cloudflare Warp/Warp+ via WireGuard App

Secure Browsing with Cloudflare Warp/Warp+ via WireGuard App


Page content

In an era where online privacy and speed are paramount, the partnership of Cloudflare Warp/Warp+ and the WireGuard app emerges as a dynamic combination. This guide walks you through the process of seamlessly setting up and using Cloudflare’s services through the WireGuard app, ensuring both secure and swift online experiences.


  • Device running an OS compatible with WireGuard app (Windows, macOS, Linux, Android, iOS).
  • WireGuard app installed.
  • Access to Cloudflare Warp/Warp+ via subscription or Cloudflare app.

Steps to Set Up Cloudflare Warp/Warp+ via WireGuard App

1. Install WireGuard App:

Begin by installing the WireGuard app on your device. Installation instructions for various OS can be found on the WireGuard website .

2. Convert Cloudflare Warp/Warp+ Configuration to Wireguard Configuration Profile

2.1 Get the Most Recent WGCF Release

Download the latest version of WGCF from the following link: .

After downloading, ensure the file is renamed “wgcf” for simplicity.

2.2 Generate Wrap Account Config File

Open your terminal application.

Initiate registration a new Cloudflare Warp device and creates a new account, preparing it for connection.

Enter the command wgcf register and press Enter to start the registration process.

$ wgcf register

Using config file: wgcf-account.toml
This project is in no way affiliated with Cloudflare
Cloudflare's Terms of Service:
✔ Yes
2023/08/24 15:47:34 =======================================
2023/08/24 15:47:34 Device name   : 26BA9E
2023/08/24 15:47:34 Device model  : PC
2023/08/24 15:47:34 Device active : true
2023/08/24 15:47:34 Account type  : free
2023/08/24 15:47:34 Role          : child
2023/08/24 15:47:34 Premium data  : 0.00 B
2023/08/24 15:47:34 Quota         : 0.00 B
2023/08/24 15:47:34 =======================================
2023/08/24 15:47:34 Successfully created Cloudflare Warp account

It generate wgcf-account.toml as output file.

Sample content of wgcf-account.toml:

access_token = '6865f3d2-42f9-4a6e-a470-56dd7806dc59'
device_id = '2099ec24-e540-4f99-bed1-6a16522c09ac'
license_key = '12345678-abcdefgh-hijklmop'
private_key = 'FvxWTzYu/1rLYZN7ulnXIak3V8bzKu9gwb/gb0BuTFk='

2.3 Use Cloudflare Warp+ Subscription (Optional)

If you have Cloudflare Warp+ subscription, replace license_key in wgcf_account.toml with your own license key to allow wireguard use Cloudflare Warp+. You need run wgcf update to update the current Cloudflare Warp account config file.

$ wgcf update
2023/08/24 15:51:49 Using config file: wgcf-account.toml
2023/08/24 15:51:49 Updated license key detected, re-binding device to new account
2023/08/24 15:51:53 =======================================
2023/08/24 15:51:53 Device name   : 26BA9E
2023/08/24 15:51:53 Device model  : PC
2023/08/24 15:51:53 Device active : true
2023/08/24 15:51:53 Account type  : limited
2023/08/24 15:51:53 Role          : child
2023/08/24 15:51:53 Premium data  : 21.17 PiB
2023/08/24 15:51:53 Quota         : 21.17 PiB
2023/08/24 15:51:53 =======================================
2023/08/24 15:51:53 Successfully updated Cloudflare Warp account

2.4 Generate WireGuard Configuration Profile

Generates a WireGuard profile from the current Cloudflare Warp account through wgcf-account.toml. Proceed to execute the command wgcf generate.

$ wgcf generate
2023/08/24 15:47:45 Using config file: wgcf-account.toml
2023/08/24 15:47:46 =======================================
2023/08/24 15:47:46 Device name   : 26BA9E
2023/08/24 15:47:46 Device model  : PC
2023/08/24 15:47:46 Device active : true
2023/08/24 15:47:46 Account type  : free
2023/08/24 15:47:46 Role          : child
2023/08/24 15:47:46 Premium data  : 0.00 B
2023/08/24 15:47:46 Quota         : 0.00 B
2023/08/24 15:47:46 =======================================
2023/08/24 15:47:46 Successfully generated WireGuard profile: wgcf-profile.conf

New file wgcf-profile.confwas created for wireguard.

Sample content of wgcf-profile.conf:

PrivateKey = FvxWTzYu/1rLYZN7ulnXIak3V8bzKu9gwb/gb0BuTFk=
Address =
Address = 2606:4700:119:8211:b2b:1231:c123:2abc/128
MTU = 1280
PublicKey = NzU2ODI4RTctNDhFMy00QTQ1LThFOEUtQTcxRDEyCg==
AllowedIPs =
AllowedIPs = ::/0
Endpoint =

3. Open WireGuard App

  • Launch the WireGuard app.

4. Import Configuration

  • In the WireGuard app, import the WireGuard configuration file wgcf-profile.conf generated by wgcf

5. Connect to Cloudflare Warp/Warp+

  • Tap “Connect” in the WireGuard app to initiate connection via Cloudflare’s servers.

6. Verify Connection

  • Check WireGuard app for successful connection status.
  • Test your browsing to confirm Cloudflare service is active.

7. Disconnect Gracefully

  • Always disconnect using the WireGuard app after VPN usage.

The fusion of Cloudflare Warp/Warp+ with the WireGuard app provides both security and speed in online experiences. By following these steps, you unite two powerful technologies to safeguard your activities and enhance your internet connection.

See also:

In-depth analysis of the WireGuard protocol implementation at the source code level

Further insights into the combination of Cloudflare Warp/Warp+ and WireGuard

What is Cloudflare Warp?

Cloudflare Warp is a cutting-edge networking technology that ushers in a new era of security, speed, and privacy for internet users. Developed by Cloudflare, a renowned web infrastructure company, Warp leverages a virtual private network (VPN) to establish a secure connection between your device and Cloudflare’s global network of servers. This connection shields your online activities from potential threats and prying eyes by encrypting data traffic. Notably, Warp’s intelligent routing algorithms ensure that your traffic follows the fastest and most efficient pathways, enhancing your browsing speed and overall internet performance. Whether through the standard Warp or the enhanced Warp+, Cloudflare’s commitment to maintaining a safer and faster internet experience remains unwavering.

What is Cloudflare Warp+?

Cloudflare Warp+ represents a premium extension of the innovative Cloudflare Warp service, offering users an elevated level of online performance and privacy. Building upon the foundation of Warp, Warp+ goes beyond by optimizing the internet experience even further. By leveraging Cloudflare’s expansive network infrastructure, Warp+ not only encrypts your data and shields it from potential threats but also accelerates your online activities through its efficient routing capabilities. This premium service minimizes latency and enhances page load times, delivering a seamless and swift browsing experience. With Cloudflare’s commitment to both security and speed, Warp+ stands as a testament to the company’s dedication to providing users with a safer and more efficient internet environment.

What is Wireguard?

WireGuard is a modern and high-performance open-source VPN (Virtual Private Network) protocol designed to provide secure and efficient communication over the internet. Renowned for its simplicity and effectiveness, WireGuard offers a streamlined alternative to traditional VPN protocols. Its lightweight codebase enables faster connection establishment and data transmission, making it ideal for various applications, from securing your online activities to establishing secure communication between devices in a network. WireGuard’s innovative cryptographic techniques ensure strong security while maintaining a minimal attack surface. Its flexibility and support across multiple platforms have made it a preferred choice for both individual users and organizations seeking a reliable and secure VPN solution.

What is the relation between Cloudflare Warp/Warp+ and Wireguard?

The relationship between Cloudflare Warp/Warp+ and WireGuard is one of collaboration and enhancement within the realm of virtual private networking. Cloudflare Warp/Warp+ leverages the WireGuard protocol as its underlying technology to deliver secure and optimized internet connections. WireGuard’s streamlined codebase and efficient cryptographic methods align perfectly with Cloudflare’s commitment to speed and security. By integrating WireGuard, Cloudflare Warp/Warp+ achieves rapid connection establishment and data transfer while maintaining robust encryption. This partnership allows Cloudflare to offer users a seamless and private browsing experience through Warp, and an accelerated, premium version with Warp+. Ultimately, the synergy between Cloudflare Warp/Warp+ and WireGuard showcases the convergence of modern VPN technology with Cloudflare’s infrastructure, resulting in a powerful combination of security and performance for users.

What is port number used in Warp/Warp+ Wireguard connection?

UDP port 854 is used in Warp/Warp+ Wireguard connection. Note it may wrongly classified as DLEP in Wireshark. You can change Wireshark config to ues Wireguard as decoder.

See also:

In-depth analysis of the WireGuard protocol implementation at the source code level


wgcf command help reference

wgcf is a utility for Cloudflare Warp that allows you to create and manage accounts, assign license keys, and generate WireGuard profiles. Made by Victor (@ViRb3). Project website:

$ wgcf --help
wgcf is a utility for Cloudflare Warp that allows you to create and manage accounts, assign license keys, and generate WireGuard profiles. Made by Victor (@ViRb3). Project website:

  wgcf [flags]
  wgcf [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  generate    Generates a WireGuard profile from the current Cloudflare Warp account
  help        Help about any command
  register    Registers a new Cloudflare Warp device and creates a new account, preparing it for connection
  status      Prints the status of the current Cloudflare Warp device
  trace       Prints trace information about the current internet connection
  update      Updates the current Cloudflare Warp account, preparing it for connection

      --config string   Configuration file (default "wgcf-account.toml")
  -h, --help            help for wgcf

Use "wgcf [command] --help" for more information about a command.