Monday, 31 March 2025

Complete Guide to Setting Up WireGuard + Cloudflare WARP for Optimized Routing with Singapore & Indonesia VPS

Posted By: Rufaidah-network - 00:19

 


1. Introduction

This topology uses two VPS (Singapore & Indonesia) as the main gateways for internet connection, with Starlink only as a transit. WireGuard is used as the main VPN, and Cloudflare WARP helps optimize routing. This system also has failover; if the primary VPS (SG) goes down, the connection automatically switches to the backup VPS (ID).

2. Preparation

Before starting, make sure you have:

  • 2 VPS (Singapore & Indonesia) with Ubuntu/Debian OS

  • WireGuard installed on both VPS

  • Cloudflare WARP installed on the main VPS (SG)

  • Root access to the server and client

3. Installing WireGuard on Singapore & Indonesia VPS

apt update && apt install wireguard -y

4. WireGuard Configuration on Singapore VPS (/etc/wireguard/wg0.conf)

[Interface]
Address = 10.100.100.1/24
PrivateKey = <PRIVATE_KEY_SG>
ListenPort = 51820

[Peer]
PublicKey = <PUBLIC_KEY_ID>
AllowedIPs = 10.100.101.1/32
Endpoint = <PUBLIC_IP_ID>:51820
PersistentKeepalive = 25

5. WireGuard Configuration on Indonesia VPS (/etc/wireguard/wg0.conf)

[Interface]
Address = 10.100.101.1/24
PrivateKey = <PRIVATE_KEY_ID>
ListenPort = 51820

[Peer]
PublicKey = <PUBLIC_KEY_SG>
AllowedIPs = 10.100.100.1/32
Endpoint = <PUBLIC_IP_SG>:51820
PersistentKeepalive = 25

6. Starting WireGuard

systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

7. Installing Cloudflare WARP on Singapore VPS

curl -fsSL https://pkg.cloudflareclient.com/install.sh | bash
warp-cli register
warp-cli set-mode proxy
warp-cli connect

8. Adding Routing on Singapore VPS

iptables -t nat -A POSTROUTING -o warp0 -j MASQUERADE
iptables -A FORWARD -i wg0 -o warp0 -j ACCEPT
iptables -A FORWARD -i warp0 -o wg0 -j ACCEPT

9. Setting Up Failover from Singapore to Indonesia

while true; do
  ping -c 3 10.100.100.1 > /dev/null
  if [ $? -ne 0 ]; then
    ip route replace default via 10.100.101.1 dev wg0
  else
    ip route replace default via 10.100.100.1 dev wg0
  fi
  sleep 10
done

Save this script as /root/failover.sh and run:

chmod +x /root/failover.sh
nohup /root/failover.sh &

10. Testing the Connection

On the client, try connecting to the WireGuard Singapore VPS and check if routing is working correctly.

ping -c 3 8.8.8.8
curl ifconfig.me

Conclusion This system ensures an optimized connection with automatic failover. All bandwidth remains from the VPS, while Starlink is only used as a transit path. If you have any questions, feel free to leave a comment on the blog!
Subscribe to: Comments (Atom)

Copyright © Pembelajaran IT ™ is a registered trademark.

Designed by Templateism. Hosted on Blogger Platform.