azidanit/how_to_make_egress_tunnel.md

Created January 26, 2026 16:11

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/azidanit/e19da4ee0230e27e18ec11e3af7a91d6.js"></script>
Save azidanit/e19da4ee0230e27e18ec11e3af7a91d6 to your computer and use it in GitHub Desktop.

Download ZIP

Deploy Egress Tunnel CF

Raw

how_to_make_egress_tunnel.md

Create LXC
- IMPORTANT: https://www.reddit.com/r/CloudFlare/comments/1hr6aei/cloudflare_warp_connector_proxmox_lxc/

lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.mount.auto: proc:rw sys:rw
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

install warp-cli https://developers.cloudflare.com/cloudflare-one/tutorials/warp-on-headless-linux/
set NAT routing

root@rmr-egress-cf:~# iptables -t nat -A POSTROUTING -o CloudflareWARP -j MASQUERADE
root@rmr-egress-cf:~# iptables -A FORWARD -i eth0 -o CloudflareWARP -j ACCEPT
root@rmr-egress-cf:~# iptables -A FORWARD -i CloudflareWARP -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

to make permanent

apt install -y iptables-persistent
netfilter-persistent save

set routing in mikrotik (used as wan)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment