-
-
Save thanksshu/1eb2d79e4aafd5957904842c5a579144 to your computer and use it in GitHub Desktop.
| """ | |
| Generate wireguard config from cloudflare zero trust | |
| Credit to https://gitlab.com/Misaka-blog/warp-script | |
| """ | |
| import datetime | |
| import json | |
| import random | |
| import string | |
| from urllib import request | |
| """ | |
| Parameters | |
| FAQ: | |
| If "HTTP 401": TOKEN has expired, need a new one | |
| If "HTTP 409": PRIVATE_KEY and PUBLIC_KEY have already been used, need a new pair | |
| """ | |
| # Generate public key with `wg genkey` | |
| PRIVATE_KEY = "" | |
| # Generate public key with `echo <private key> | wg pubkey` | |
| PUBLIC_KEY = "" | |
| # Get the TOKEN manually | |
| TOKEN = "" | |
| # Output filename | |
| OUTPUT_FILENAME = "cf_zero_trust.conf" | |
| """ | |
| Generation | |
| """ | |
| print("Initialising...") | |
| install_id = "".join(random.choices(string.ascii_letters + string.digits, k=22)) | |
| fcm_token = f'{install_id}:APA91b{"".join(random.choices(string.ascii_letters + string.digits, k=134))}' | |
| headers = { | |
| "User-Agent": "okhttp/3.12.1", | |
| "CF-Client-Version": "a-6.10-2158", | |
| "Content-Type": "application/json", | |
| "Cf-Access-Jwt-Assertion": TOKEN, | |
| } | |
| data = { | |
| "key": PUBLIC_KEY, | |
| "install_id": install_id, | |
| "fcm_token": fcm_token, | |
| "tos": datetime.datetime.now().isoformat()[:-3] + "Z", | |
| "model": "Linux", | |
| "name": install_id, # Or you name it | |
| "serial_number": install_id, # Or you name it | |
| "locale": "zh_CN", | |
| } | |
| req = request.Request( | |
| "https://api.cloudflareclient.com/v0a2158/reg", | |
| data=json.dumps(data).encode(), | |
| headers=headers, | |
| ) # Register with API version v0a2158 | |
| print("Generating...") | |
| with request.urlopen(req) as resp: | |
| v6_addr = json.load(resp)["config"]["interface"]["addresses"]["v6"] | |
| with open(OUTPUT_FILENAME, "w", newline="") as f: | |
| for line in [ | |
| "[Interface]", | |
| f"PrivateKey = {PRIVATE_KEY}", | |
| f"Address = 172.16.0.2/32, {v6_addr}/128", | |
| "DNS = 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001", | |
| "MTU = 1280", | |
| "", | |
| "[Peer]", | |
| "PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=", | |
| "AllowedIPs = 0.0.0.0/0, ::/0", | |
| "Endpoint = engage.cloudflareclient.com:2408", | |
| ]: | |
| f.write(f"{line}\n") |
MetalistPavlenko
commented
Aug 14, 2025
How to solve this problem ?
@MetalistPavlenko This script is no longer maintained, maybe you can take a look at https://gitlab.com/Misaka-blog/warp-script?
That project is abandoned, it hasn't been updated for a year. Is it possible to somehow fix your script or are there any other similar ones ?
@MetalistPavlenko Currently no plan for fixing it, maybe one day I'll take a look at it. I'm also searching for an alternative but still haven't found one yet.
There is such a project: https://github.com/AnimMouse/wgcf-connector But this is not a script, but a docker container with the warp connector program inside and a script that pulls data from it and outputs a config
@MetalistPavlenko I'm actually looking for something that works on Windows, and I think I found one called "wgcf": https://github.com/ViRb3/wgcf (thx for the hint).
@thanksshu This repository that you found, it is quite popular, many people know about it. It simply generates a configuration for WARP, but I was looking for a script or information on how to generate not just WARP, but how to generate a config for Cloudflare Zero Trust. I need this in order to unite all my devices into a local network via the Internet, to bypass NAT
@thanksshu In general, generating a config for WARP is not difficult, making such a script is very simple
@MetalistPavlenko This script was derived from https://gitlab.com/Misaka-blog/warp-script and relied on sniffed traffic of WARP. Since I can no longer reproduce that sniffing process, the script cannot be fixed. 😟