Community discussions

MikroTik App
 
luciferm
just joined
Topic Author
Posts: 13
Joined: Sat May 13, 2017 7:41 am

run flag in container

Fri Dec 23, 2022 10:12 am

i want to run https://v2raya.org/en/docs/prologue/ins ... on/docker/ this on mikrotik container when i install the image normally it work but transparent proxy of the container wont work.
to run that correctly it should be run with the command bellow
# run v2raya
docker run -d \
  --restart=always \
  --privileged \
  --network=host \
  --name v2raya \
  -e V2RAYA_ADDRESS=0.0.0.0:2017 \
  -v /lib/modules:/lib/modules:ro \
  -v /etc/resolv.conf:/etc/resolv.conf \
  -v /etc/v2raya:/etc/v2raya \
  mzz2017/v2raya
but i don't know how to run this like that can anybody help me with this
 
ccbb
just joined
Posts: 5
Joined: Thu Dec 22, 2022 2:26 pm

Re: run flag in container

Sat Dec 24, 2022 5:22 pm

If you use Mac OS X or other environments that do not support host mode, you cannot use the global transparent proxy in this case, or you do not want to use the global transparent proxy, the Docker command will be slightly different:
docker run -d \
-p 2017:2017 \
-p 20170-20172:20170-20172 \
--restart=always \
--name v2raya \
-v /etc/v2raya:/etc/v2raya \
mzz2017/v2raya
 
luciferm
just joined
Topic Author
Posts: 13
Joined: Sat May 13, 2017 7:41 am

Re: run flag in container

Sat Dec 24, 2022 6:49 pm

i know that but a global transparent proxy will be very useful in a router. i just want to know that mikrotik going to add ability to running container with flag or not? a lot off containers need to be run in privilege modes.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: run flag in container

Sat Dec 24, 2022 7:16 pm

If I had to guess, probably not anytime soon. The ability to gain root on the router is something they guard against. So if you could do that by container with one commands like "/container ... privileged=yes", goes against that.

They have said TAP/TUN is on their list, but you're looking for the more than that:
viewtopic.php?p=959219&hilit=TAP%2FTUN#p959219
 
fakeusername2022
newbie
Posts: 38
Joined: Sun Aug 14, 2022 4:36 pm

Re: run flag in container

Thu Feb 16, 2023 12:28 am

i want to run https://v2raya.org/en/docs/prologue/ins ... on/docker/ this on mikrotik container when i install the image normally it work but transparent proxy of the container wont work.
to run that correctly it should be run with the command bellow
# run v2raya
docker run -d \
  --restart=always \
  --privileged \
  --network=host \
  --name v2raya \
  -e V2RAYA_ADDRESS=0.0.0.0:2017 \
  -v /lib/modules:/lib/modules:ro \
  -v /etc/resolv.conf:/etc/resolv.conf \
  -v /etc/v2raya:/etc/v2raya \
  mzz2017/v2raya
but i don't know how to run this like that can anybody help me with this

YOU CANNOT! And it has nothing to do with the RUN mode of the container!
The bigger problem is that there is no Tproxy Kernel module loaded into the RouterOS kernel and what you are trying to use depends on Tproxy (take a look at the source code here: https://github.com/v2rayA/v2rayA/blob/f ... /tproxy.go)

you can find more details and explanation here in this post viewtopic.php?p=984485

The ultimate solution could come from the Mikrotik Dev team to compile and add other Iptables Modules into the RouterOS Kernel in order to allow containers taking advantage of them...
 
fakeusername2022
newbie
Posts: 38
Joined: Sun Aug 14, 2022 4:36 pm

Re: run flag in container

Fri Feb 17, 2023 9:35 am

i want to run https://v2raya.org/en/docs/prologue/ins ... on/docker/ this on mikrotik container when i install the image normally it work but transparent proxy of the container wont work.
to run that correctly it should be run with the command bellow
# run v2raya
docker run -d \
  --restart=always \
  --privileged \
  --network=host \
  --name v2raya \
  -e V2RAYA_ADDRESS=0.0.0.0:2017 \
  -v /lib/modules:/lib/modules:ro \
  -v /etc/resolv.conf:/etc/resolv.conf \
  -v /etc/v2raya:/etc/v2raya \
  mzz2017/v2raya
but i don't know how to run this like that can anybody help me with this
So you will not be able to use the V2Raya since it relies on some Iptables Kernel Modules which are not loaded into the RouterOS kernel (e.g. TProxy). What else can be done?! Try the Tun2Socks approach. That's already what is being done on the client sides of Android phones to run the app in full system VPN mode.
There are several implementations of TUN2Socks. The oldest one is BadVPN which is 15 years old and not maintained anymore. A recent one with better performance written in C is https://github.com/heiher/hev-socks5-tunnel/
You will need to do Source Based Routing and manipulate routing table of the Container and also use some nat/masq with the Container's Iptable to deploy it as a transparent proxy or VPN tunnel on your Mikrotik, however that is not the hard part.
Wish Mikrotik offered built-in support of the xRay [https://github.com/XTLS/] in the future...
 
adlar
just joined
Posts: 24
Joined: Tue Aug 09, 2022 7:47 am

Re: run flag in container

Fri Dec 22, 2023 8:21 am

Wish Mikrotik offered built-in support of the xRay [https://github.com/XTLS/] too.
 
vanes32
just joined
Posts: 2
Joined: Mon Dec 25, 2023 11:31 am

Re: run flag in container

Mon Dec 25, 2023 11:54 am

There are several implementations of TUN2Socks. The oldest one is BadVPN which is 15 years old and not maintained anymore. A recent one with better performance written in C is https://github.com/heiher/hev-socks5-tunnel/
You will need to do Source Based Routing and manipulate routing table of the Container and also use some nat/masq with the Container's Iptable to deploy it as a transparent proxy or VPN tunnel on your Mikrotik, however that is not the hard part.
Hello, I’ve been trying to figure out for a long time how to make a transparent xray proxy in the mikrotik container and came across your post. I configured the xray-core container in client mode and it created a socks proxy that works, and then I just can’t figure out which way to go. Do I need to create a second container with hev-socks5-tunnel, or do I need to install hev-socks5-tunnel packages into the container with xray-core? I tried it with a separate hev-socks5-tunnel container, but I couldn’t figure out how to get it to work together with xray-core. Could you help please?
 
vanes32
just joined
Posts: 2
Joined: Mon Dec 25, 2023 11:31 am

Re: run flag in container

Fri Dec 29, 2023 5:03 am

I think I figured it out.
The containers https://github.com/heiher/hev-socks5-tunnel and https://github.com/xjasonlyu/tun2socks do not work out of the box, at least for me. I had to edit entrypoint.sh.
My entrypoint.sh for https://github.com/xjasonlyu/tun2socks container
#!/bin/sh
ip tuntap add mode tun dev tun0
ip addr add 198.18.0.1/15 dev tun0
ip link set dev tun0 up
ip route del default
ip route add default via 198.18.0.1 dev tun0 metric 1
ip route add default via 172.17.0.1 dev eth0 metric 10
tun2socks -device tun0 -proxy socks5://172.17.0.2:10808 -interface eth0

Who is online

Users browsing this forum: No registered users and 3 guests