warp-wireguard-gen 0.1.6

Generate WireGuard configs by registering with Cloudflare WARP
Documentation

Generate WireGuard configurations by registering with Cloudflare WARP.

This crate provides functionality to:

  • Register a new device with Cloudflare WARP (consumer)
  • Register a device with Cloudflare for Teams / Zero Trust
  • Retrieve WireGuard configuration for connecting through WARP
  • Optionally apply a Warp+ license key

Example

use warp_wireguard_gen::{register, RegistrationOptions};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Register with default options (consumer WARP)
    let (config, credentials) = register(RegistrationOptions::default()).await?;
    
    // Use config with wireguard-netstack...
    // Optionally save credentials for reuse...
    
    Ok(())
}

Cloudflare for Teams (Zero Trust) Enrollment

To enroll with Cloudflare for Teams:

  1. Visit https://<team-name>.cloudflareaccess.com/warp
  2. Authenticate as you would with the official WARP client
  3. Extract the JWT token from the page source or use browser console: 
    console.log(document.querySelector("meta[http-equiv='refresh']").content.split("=")[2])
  4. Pass the JWT token via [TeamsEnrollment] in [RegistrationOptions]
use warp_wireguard_gen::{register, RegistrationOptions, TeamsEnrollment};

# async fn example() -> warp_wireguard_gen::Result<()> {
let (config, credentials) = register(RegistrationOptions {
    device_model: "PC".to_string(),
    license_key: None,
    teams: Some(TeamsEnrollment {
        jwt_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...".to_string(),
        device_name: Some("My Device".to_string()),
        serial_number: None,
    }),
}).await?;
# Ok(())
# }

Feature Flags

  • serde: Enables Serialize and Deserialize for WarpCredentials, allowing easy persistence to JSON, TOML, etc.

Credential Persistence

The [WarpCredentials] struct returned by [register] contains all the information needed to reconnect without re-registering. Enable the serde feature to serialize credentials for storage.

# #[cfg(feature = "serde")]
# fn example() -> Result<(), Box<dyn std::error::Error>> {
use warp_wireguard_gen::{register, get_config, RegistrationOptions, WarpCredentials};

// First run: register and save credentials
# tokio::runtime::Runtime::new().unwrap().block_on(async {
let (config, credentials) = register(RegistrationOptions::default()).await?;
let json = serde_json::to_string_pretty(&credentials)?;
std::fs::write("warp-credentials.json", &json)?;

// Later: load credentials and get fresh config
let json = std::fs::read_to_string("warp-credentials.json")?;
let credentials: WarpCredentials = serde_json::from_str(&json)?;
let config = get_config(&credentials).await?;
# Ok::<(), Box<dyn std::error::Error>>(())
# });
# Ok(())
# }