Secure Your DietPi OS with Cloudflare WARP

If you are looking to enhance your internet security and privacy on your DietPi OS, Cloudflare WARP is a fantastic choice. In this guide, we will walk you through the process of installing and setting up Cloudflare WARP in two different ways:

1. Branch 1 (Generic Registration)

2. Branch 2 (Organizational Enrollment)

Let’s dive in!

Why Cloudflare WARP?

Cloudflare WARP is more than just a VPN; it is designed to make your internet faster, more private, and more secure. By routing your internet traffic through Cloudflare’s global network, WARP ensures that your data is protected and your connection remains speedy.

Getting Started with Cloudflare WARP

1. Add Cloudflare’s GPG Key

Open your DietPi terminal and run the following command to download and add Cloudflare’s GPG key:

curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg

2. Add the Cloudflare WARP Repository

Next, we will add the Cloudflare WARP repository to your system's package sources. This allows us to easily install and update WARP using apt.

Note: Replace bookworm with your specific Debian codename if you are not on the latest version. You can find your codename by running:

cat /etc/os-release | grep PRETTY_NAME

Then add the repository:

echo "deb [signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ bookworm main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list

3. Update Your Package List

sudo apt-get update

4. Install the Cloudflare WARP Client

sudo apt-get install cloudflare-warp

Branch 1: Generic Registration

If you just want to register your DietPi device with a generic, personal Cloudflare WARP account, follow these steps.

1. Register Your Device

sudo warp-cli registration new

2. Connect to Cloudflare WARP

sudo warp-cli connect

3. Verify Connection

Check the status of your WARP connection:

warp-cli status

If it shows that you are connected, you are good to go. Your internet connection is now more secure and private!

Branch 2: Registering into an Organization

If you need to enroll your Cloudflare WARP client into an existing Cloudflare organization (for example, if your team or company provides you with an organizational account), follow these steps instead of the generic registration above.

1. Delete Any Existing Registration

If you have previously registered WARP on your device (for instance, with a personal account), remove that registration first:

sudo warp-cli registration delete

Use this command to check your current registration status if needed:

warp-cli registration show

2. Access Your Organization’s WARP Portal

In your web browser, go to:

https://<team>.cloudflareaccess.com/warp

Replace <team> with the name of your team or organization, and sign in using your organization credentials.

3. Copy the Registration Token

After you sign in, you will be redirected back to the same page with a success message and a button labeled “Open Cloudflare WARP,” as shown below.

Inspect this button. Its code will look something like this:ht

<button onclick="location.href = 'com.cloudflare.warp://<team>.cloudflareaccess.com/auth?token=...'">
  Open Cloudflare WARP
</button>

Copy the https://<team>.cloudflareaccess.com/auth?token=... URL from the onClick attribute.

4. Register with the Token

Back in your terminal, run:

warp-cli registration token https://<team>.cloudflareaccess.com/auth?token=eyJhbGciOi...

Replace the above URL with the exact URL you copied from the button.

5. Confirm Your Registration

Check if you are successfully enrolled in the organization:

warp-cli registration organization

If it shows a non-empty string matching your , you have successfully enrolled under your organization’s Cloudflare WARP.

6. Connect and Verify

Finally, connect to WARP (if not already connected) and check your status:

warp-cli connect
warp-cli status

If your status shows you are connected and the organization is recognized, your device is now securely routing traffic through your organization’s Cloudflare WARP setup!