I'm going to go ahead and say this isn't a task for the weak and feeble. This isn't a method supported by Cloudflare, and could be against their TOS for all I know, thus making this process not straightforward.
This process involved installing the Android SDK on Windows with the AVD manager, using some command line knowledge, and knowing how to setup a Wireguard tunnel.
We will make a device running Lollipop, as this allows us to extract the Wireguard configuration from the device, as in newer versions of Android this is locked down in hardware.
First, let's go ahead and install the latest Android SDK from here. In the install process, make sure AVD Manager is checked and will be installed on the hard drive. We also want Android platform-tools, as this includes ADB which we will need later on. Download that from here and just extract it into a folder.
Creating our Android Device
Go ahead and launch Android Studio, and select AVD manager under the configure dropdown.
A new windows will appear. Go ahead and select "Create Virtual Device."
Select Tablet in the Category pane, and Nexus 7 (not 2012!) in the Device pane.
In the "Select a system image" window, select Lollipop and select the download button next to it. Click accept on the terms, and wait for it to download. Select Lollipop and click next.
We don't need to change anything on this next window, so go ahead and select "Finish."
Select the play button inside the device you just created.
If all went well, you should now be greeted with the Android homescreen!
Installing 220.127.116.11 on the Android Device
Now on your computer, open your web browser and head to APKMirror here to download the latest APK of 18.104.22.168. Note that we want the APK, not a bundle. Once your apk is downloaded, place it in the folder you extracted platform-tools to. Your folder should look like something below.
Go ahead and shift+right-click in the folder, and select "Open Powershell window here" or "Open Command Prompt windows here," depending on what version on Windows you have, or whatever your preference is. Type
adb.exe devices. This should list your emulator as a device.
Now we want to install 22.214.171.124 onto the Android device. Type
adb.exe install "apk name here".
And like magic, 126.96.36.199 should show up in the app drawer now!
Logging into Cloudflare for Teams on the Device
If you have set up Cloudflare for Teams on any other mobile device, the process is the exact same here. Click the hamburger, "Account," "Login with Cloudflare for Teams."
Go ahead and enter your organization name, and proceed with whatever login method is set up.
And just like that Teams is set up on the device. Now it's time to extract the Wireguard configuration.
Pulling the Wireguard Configuration
Go back into Powershell/Command Prompt, and type
adb pull /data/data/com.cloudflare.onedotonedotonedotone/shared_prefs/com.cloudflare.onedotonedotonedotone_preferences.xml. This will place the configuration in the platform-tools folder. Go ahead and open it with your favorite editor, VS Code in my case.
Within our XML file, we need to make note of a couple items.
- Peer Public Key
- Peer IP Address
- Peer Port
- Client IP/s
- Client Private Key
- Client Registration ID
You might have to dig around in the XML to find these, but in my case here are my values (don't worry, it won't work after).
Endpoint Public Key:
Endpoint IP Address:
2408 (Note, if this is blocked by a firewall, port 500, 1701, and 4500 are also valid.)
Client Private Key:
Q28IK1ygu1MT4wumEoBf3Gl6+awKgyS3X+ioEi2HGnE= (I have revoked this, it will not work for you.)
Client Registration ID:
t.f634e942-ebe5-11eb-9b1d-a6b0c2bd8c0a (This is used to create Identity based-policies and other things in the Cloudflare for Teams dashboard. Note, the "t." part won't be present in the dashboard.)
That's it! Now you can use that in pfSense to treat your whole network as one device in the dashboard, use it on a device that doesn't support the 188.8.131.52 app but supports Wireguard, or anything else you put your mind to.
Keep in mind, some online service will recognize the Warp IP as a VPN. Specifically Hulu (but not Netflix?), Wikipedia, and others. You can try using split tunneling, but this will have to be configured on the local device, not the Cloudflare for Teams dashboard.