Skip to main content

Crate warp_wireguard_gen

Crate warp_wireguard_gen 

Source
Expand description

Generate WireGuard configurations by registering with Cloudflare WARP.

This crate provides functionality to:

  • Register a new device with Cloudflare WARP (consumer)
  • Register a device with Cloudflare for Teams / Zero Trust
  • Retrieve WireGuard configuration for connecting through WARP
  • Optionally apply a Warp+ license key

§Example

use warp_wireguard_gen::{register, RegistrationOptions};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Register with default options (consumer WARP)
    let (config, credentials) = register(RegistrationOptions::default()).await?;
     
    // Use config with wireguard-netstack...
    // Optionally save credentials for reuse...
     
    Ok(())
}

§Cloudflare for Teams (Zero Trust) Enrollment

To enroll with Cloudflare for Teams:

  1. Visit https://<team-name>.cloudflareaccess.com/warp
  2. Authenticate as you would with the official WARP client
  3. Extract the JWT token from the page source or use browser console:
    console.log(document.querySelector("meta[http-equiv='refresh']").content.split("=")[2])
  4. Pass the JWT token via TeamsEnrollment in RegistrationOptions
use warp_wireguard_gen::{register, RegistrationOptions, TeamsEnrollment};

let (config, credentials) = register(RegistrationOptions {
    device_model: "PC".to_string(),
    license_key: None,
    teams: Some(TeamsEnrollment {
        jwt_token: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...".to_string(),
        device_name: Some("My Device".to_string()),
        serial_number: None,
    }),
}).await?;

§Feature Flags

  • serde: Enables Serialize and Deserialize for WarpCredentials, allowing easy persistence to JSON, TOML, etc.

§Credential Persistence

The WarpCredentials struct returned by register contains all the information needed to reconnect without re-registering. Enable the serde feature to serialize credentials for storage.

use warp_wireguard_gen::{register, get_config, RegistrationOptions, WarpCredentials};

// First run: register and save credentials
let (config, credentials) = register(RegistrationOptions::default()).await?;
let json = serde_json::to_string_pretty(&credentials)?;
std::fs::write("warp-credentials.json", &json)?;

// Later: load credentials and get fresh config
let json = std::fs::read_to_string("warp-credentials.json")?;
let credentials: WarpCredentials = serde_json::from_str(&json)?;
let config = get_config(&credentials).await?;

Re-exports§

pub use error::Error;
pub use error::Result;

Modules§

api
Cloudflare WARP API client implementation.
error
Error types for the warp-wireguard-gen crate.
keys
X25519 key generation for WireGuard.
types
API request and response types for the Cloudflare WARP API.

Structs§

RegistrationOptions
Options for registering a new WARP device.
TeamsEnrollment
Cloudflare for Teams (Zero Trust) enrollment configuration.
WarpCredentials
Credentials for an existing WARP device registration.

Functions§

generate_keypair
Generate a new X25519 keypair.
get_config
Get a WireGuard configuration using existing credentials.
register
Register a new device with Cloudflare WARP and get a WireGuard configuration.
update_license
Update the license key on an existing registration.