run flag in container

Posted: Fri Dec 23, 2022 10:12 am
by luciferm
I want to run this https://v2raya.org/en/docs/prologue/ins ... on/docker/ on a MikroTik container. When I install the image normally it works, but the transparent proxy of the container won't work.
To run that correctly, it should be run with the command below:
# run v2raya
docker run -d \
  --restart=always \
  --privileged \
  --network=host \
  --name v2raya \
  -e V2RAYA_ADDRESS=0.0.0.0:2017 \
  -v /lib/modules:/lib/modules:ro \
  -v /etc/resolv.conf:/etc/resolv.conf \
  -v /etc/v2raya:/etc/v2raya \
  mzz2017/v2raya
But I don't know how to run it like that. Can anybody help me with this?

Re: run flag in container

Posted: Sat Dec 24, 2022 5:22 pm
by ccbb
If you use Mac OS X or another environment that does not support host mode (so you cannot use the global transparent proxy), or you do not want to use the global transparent proxy, the Docker command will be slightly different:
docker run -d \
-p 2017:2017 \
-p 20170-20172:20170-20172 \
--restart=always \
--name v2raya \
-v /etc/v2raya:/etc/v2raya \
mzz2017/v2raya

Re: run flag in container

Posted: Sat Dec 24, 2022 6:49 pm
by luciferm
I know that, but a global transparent proxy would be very useful in a router. I just want to know whether MikroTik is going to add the ability to run containers with flags or not. A lot of containers need to be run in privileged mode.

Re: run flag in container

Posted: Sat Dec 24, 2022 7:16 pm
by Amm0
If I had to guess, probably not anytime soon. The ability to gain root on the router is something they guard against. So if you could do that by container with one command like "/container ... privileged=yes", that goes against that.

They have said TAP/TUN is on their list, but you're looking for more than that:
viewtopic.php?p=959219&hilit=TAP%2FTUN#p959219

Re: run flag in container

Posted: Thu Feb 16, 2023 12:28 am
by fakeusername2022
> I want to run this https://v2raya.org/en/docs/prologue/ins ... on/docker/ on a MikroTik container. When I install the image normally it works, but the transparent proxy of the container won't work.
> To run that correctly, it should be run with the command below:
> # run v2raya
> docker run -d \
>   --restart=always \
>   --privileged \
>   --network=host \
>   --name v2raya \
>   -e V2RAYA_ADDRESS=0.0.0.0:2017 \
>   -v /lib/modules:/lib/modules:ro \
>   -v /etc/resolv.conf:/etc/resolv.conf \
>   -v /etc/v2raya:/etc/v2raya \
>   mzz2017/v2raya
> But I don't know how to run it like that. Can anybody help me with this?

YOU CANNOT! And it has nothing to do with the RUN mode of the container!
The bigger problem is that there is no Tproxy Kernel module loaded into the RouterOS kernel and what you are trying to use depends on Tproxy (take a look at the source code here: https://github.com/v2rayA/v2rayA/blob/f ... /tproxy.go)

You can find more details and explanation in this post: viewtopic.php?p=984485

The ultimate solution could come from the Mikrotik Dev team compiling and adding other Iptables modules into the RouterOS kernel in order to allow containers to take advantage of them...
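
The distinction drawn in the post above (a container that lacks privilege versus a kernel with no TPROXY target) can be checked from inside a container. The script below is an added example, not part of the thread or of v2rayA; its function names are illustrative, and it assumes a Linux /proc where the registered iptables targets are listed in /proc/net/ip_tables_targets.

```shell
#!/bin/sh
# Added example, not from the thread. Run inside the container to tell
# "container lacks privilege" apart from "kernel has no TPROXY target".
# Function names are illustrative.

CAP_NET_ADMIN=12   # bit number from <linux/capability.h>

# has_cap HEXMASK BIT: succeeds if BIT is set in a CapEff-style hex mask.
has_cap() {
    [ -n "$1" ] && [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# effective_caps [STATUS_FILE]: prints the effective capability mask.
effective_caps() {
    awk '$1 == "CapEff:" { print $2 }' "${1:-/proc/self/status}"
}

# has_tproxy_target [TARGETS_FILE]: 0 = TPROXY registered, 1 = not
# registered (xt_TPROXY not loaded or not built), 2 = list unreadable.
has_tproxy_target() {
    f="${1:-/proc/net/ip_tables_targets}"
    [ -r "$f" ] || return 2
    grep -qx 'TPROXY' "$f"
}

# diagnose CAPMASK [TARGETS_FILE]: prints a one-line verdict.
diagnose() {
    t=0
    has_tproxy_target "${2:-}" || t=$?
    if [ "$t" -eq 1 ]; then
        echo "kernel: TPROXY target not registered"
    elif ! has_cap "$1" "$CAP_NET_ADMIN"; then
        echo "container: CAP_NET_ADMIN missing, cannot install iptables rules"
    elif [ "$t" -eq 2 ]; then
        echo "unknown: iptables target list unreadable"
    else
        echo "ok: CAP_NET_ADMIN present and TPROXY target registered"
    fi
}

# Report on the container this script runs in.
diagnose "$(effective_caps 2>/dev/null)"
```

With Docker's default capability set, CapEff reads 00000000a80425fb, which has bit 12 clear, while a container started with --privileged holds every capability. A target missing from the list can also mean the xt_TPROXY module exists on the host but has not been loaded yet.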

Re: run flag in container

Posted: Fri Feb 17, 2023 9:35 am
by fakeusername2022
> I want to run this https://v2raya.org/en/docs/prologue/ins ... on/docker/ on a MikroTik container. When I install the image normally it works, but the transparent proxy of the container won't work.
> To run that correctly, it should be run with the command below:
> # run v2raya
> docker run -d \
>   --restart=always \
>   --privileged \
>   --network=host \
>   --name v2raya \
>   -e V2RAYA_ADDRESS=0.0.0.0:2017 \
>   -v /lib/modules:/lib/modules:ro \
>   -v /etc/resolv.conf:/etc/resolv.conf \
>   -v /etc/v2raya:/etc/v2raya \
>   mzz2017/v2raya
> But I don't know how to run it like that. Can anybody help me with this?
So you will not be able to use the V2Raya since it relies on some Iptables Kernel Modules which are not loaded into the RouterOS kernel (e.g. TProxy). What else can be done?! Try the Tun2Socks approach. That's already what is being done on the client sides of Android phones to run the app in full system VPN mode.
There are several implementations of TUN2Socks. The oldest one is BadVPN which is 15 years old and not maintained anymore. A recent one with better performance written in C is https://github.com/heiher/hev-socks5-tunnel/
You will need to do Source Based Routing and manipulate routing table of the Container and also use some nat/masq with the Container's Iptable to deploy it as a transparent proxy or VPN tunnel on your Mikrotik, however that is not the hard part.
Wish Mikrotik offered built-in support of the xRay [https://github.com/XTLS/] in the future...

Re: run flag in container

Posted: Fri Dec 22, 2023 8:21 am
by adlar
Wish Mikrotik offered built-in support of the xRay [https://github.com/XTLS/] too.

Re: run flag in container

Posted: Mon Dec 25, 2023 11:54 am
by vanes32
> There are several implementations of TUN2Socks. The oldest one is BadVPN which is 15 years old and not maintained anymore. A recent one with better performance written in C is https://github.com/heiher/hev-socks5-tunnel/
> You will need to do Source Based Routing and manipulate routing table of the Container and also use some nat/masq with the Container's Iptable to deploy it as a transparent proxy or VPN tunnel on your Mikrotik, however that is not the hard part.
Hello, I’ve been trying to figure out for a long time how to make a transparent xray proxy in the mikrotik container and came across your post. I configured the xray-core container in client mode and it created a socks proxy that works, and then I just can’t figure out which way to go. Do I need to create a second container with hev-socks5-tunnel, or do I need to install hev-socks5-tunnel packages into the container with xray-core? I tried it with a separate hev-socks5-tunnel container, but I couldn’t figure out how to get it to work together with xray-core. Could you help please?

Re: run flag in container

Posted: Fri Dec 29, 2023 5:03 am
by vanes32
I think I figured it out.
The containers https://github.com/heiher/hev-socks5-tunnel and https://github.com/xjasonlyu/tun2socks do not work out of the box, at least for me. I had to edit entrypoint.sh.
My entrypoint.sh for https://github.com/xjasonlyu/tun2socks container
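#!/bin/sh
# Create the TUN device, give it an address and bring it up
ip tuntap add mode tun dev tun0
ip addr add 198.18.0.1/15 dev tun0
ip link set dev tun0 up
# Replace the default route: tun0 is preferred (metric 1), eth0 stays as the fallback (metric 10)
ip route del default
ip route add default via 198.18.0.1 dev tun0 metric 1
ip route add default via 172.17.0.1 dev eth0 metric 10
# Hand packets arriving on tun0 to the SOCKS5 proxy; -interface eth0 binds tun2socks' own outbound connections to eth0
tun2socks -device tun0 -proxy socks5://172.17.0.2:10808 -interface eth0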