Play with Cloudflare Zero Touch

[vhbui02]

• Comment out all DNS settings in /etc/systemd/resolved.conf, as told in Cloudflare Zero Touch FAQ's "WARP on Linux shows DNS connectivity check failed". curl -s https://www.cloudflare.com/cdn-cgi/trace | grep -i 'warp=' show 'warp=plus'.
• Add Cloudflare's root CA to OS, GitHub, Python and NPM. The files are specified here /etc/pki/ca-trust/source/anchors.
• Use split tunnelling Include mode so gateway=off is the right behavior, as specified in this post.

TODO:

• Confirm that LibreWolf Flatpak has imported the root CA.
• VSCodium Flatpak hasn't been able to import the root CA files so git inside VSCodium Flatpak can use it , despite setting the permissions.
• GitHub Copilot Chat sometimes can't connect, might be resolved if the above problem is resolved as well.

[vhbui02]

Right now, I don't know where does Split Tunnelling behavior apply? Is it the host system where Warp CLI is installed?

[vhbui02]

Using speedtest by Ookla shows that all traffic is redirected to Cloudflare's server. This is undesired behavior.

[vhbui02]

LibreWolf Flatpak can't add new certificate. Weird.