DEV Community

Cover image for Automating Cloudflare WARP Based on WiFi SSID (Linux Guide)
Vicente G. Reyes
Vicente G. Reyes

Posted on • Originally published at vicentereyes.org

Automating Cloudflare WARP Based on WiFi SSID (Linux Guide)

#linux #automation #vpn #networking

If you frequently switch between trusted and untrusted networks, manually toggling your VPN becomes tedious fast.

This guide shows how to automatically connect or disconnect Cloudflare WARP based on your WiFi network name (SSID) using NetworkManager on Linux.

🧠 Why This Matters

Not all networks are equal:

  • 🏠 Trusted WiFi (Home) → You may not need WARP
  • Public WiFi → You definitely want WARP
  • 🏢 Office networks → Might conflict with VPN routing

Instead of manually toggling WARP every time, we can hook into network state changes and automate it.

⚙️ How It Works

Linux systems using NetworkManager support dispatcher scripts—these are triggered automatically when network events occur (e.g., connecting to WiFi).

We leverage this to:

  1. Detect the current SSID
  2. Apply conditional logic
  3. Toggle WARP via CLI

🔧 Step-by-Step Implementation

1. Ensure WARP CLI is Installed

Make sure warp-cli is available. Then register and test:

warp-cli register
warp-cli connect
warp-cli status
Enter fullscreen mode Exit fullscreen mode

2. Create a NetworkManager Dispatcher Script

Dispatcher scripts live here:

/etc/NetworkManager/dispatcher.d/
Enter fullscreen mode Exit fullscreen mode

Create a new script:

sudo nano /etc/NetworkManager/dispatcher.d/99-warp-toggle
Enter fullscreen mode Exit fullscreen mode

3. Add Logic Based on SSID 

#!/bin/bash

INTERFACE="$1"
STATUS="$2"

# Trigger only when a connection is established
if [ "$STATUS" = "up" ]; then
    SSID=$(iwgetid -r)

    if [ "$SSID" = "home_wifi" ]; then
        echo "Connecting WARP for $SSID"
        warp-cli connect

    elif [ "$SSID" = "office_wifi" ]; then
        echo "Disconnecting WARP for $SSID"
        warp-cli disconnect

    else
        echo "Unknown network: $SSID — no action taken"
    fi
fi
Enter fullscreen mode Exit fullscreen mode

4. Make the Script Executable 

sudo chmod +x /etc/NetworkManager/dispatcher.d/99-warp-toggle
Enter fullscreen mode Exit fullscreen mode

5. Apply Changes

Restart NetworkManager:

sudo systemctl restart NetworkManager
Enter fullscreen mode Exit fullscreen mode

Or simply reconnect your WiFi.

🧪 Testing

Switch between your networks:

  • Connect to home_wifi → WARP should connect
  • Connect to office_wifi → WARP should disconnect

Verify with:

warp-cli status
Enter fullscreen mode Exit fullscreen mode

⚠️ Things to Watch Out For

  • Requires iwgetid (usually part of wireless-tools)
  • Dispatcher scripts run as root
  • Some networks may block WARP traffic
  • Avoid rapid toggling (WARP CLI is tolerant, but don’t spam it)

🧩 Optional Enhancements

🔹 Add Logging

echo "$(date): Connected to $SSID" >> /var/log/warp-toggle.log
Enter fullscreen mode Exit fullscreen mode

🔹 Use a case Statement (Cleaner Scaling) 

case "$SSID" in
  "home_wifi")
    warp-cli connect
    ;;
  "office_wifi")
    warp-cli disconnect
    ;;
  *)
    echo "No rule for $SSID"
    ;;
esac
Enter fullscreen mode Exit fullscreen mode

🔹 Default Behavior Strategy

You can invert the logic:

  • Always connect WARP by default
  • Explicitly disable only on trusted networks

💡 Final Thoughts

This approach is:

  • ⚡ Event-driven — no polling loops
  • 🪶 Lightweight — no extra services
  • 🔌 Extensible — plug in more automations

You’re essentially turning your machine into a context-aware system—reacting intelligently to its environment.

Once you get comfortable with dispatcher scripts, you can extend this pattern to:

  • Auto-sync files on trusted networks
  • Trigger backups only at home
  • Change DNS / proxies dynamically

Happy hacking 🚀

Top comments (0)