Hi guys! I read this topic, but I can't understand the specific algorithm for running the client part of Vless for my VPS server. Maybe someone can systematize the recommendations and write a FAQ on this issue? So far I've understood one thing: I need MikroTik on the ARM architecture with RouterOS 7.0, with the ability to install packages. Then, I need to install the Xray-core and Tun2Socks package (I don't need AdGuard), but the next steps are unclear...
Thanks to the rebuilt Xray-core and hev-socks5-tunnel containers, it has become much easier to launch containers.
In addition to preparing the router for the installation of containers, it is also necessary to prescribe routing for marked traffic.
Create two virtual interfaces for each container and assign an IP address from a private address range:
/interface veth add address=172.17.0.2/24 gateway=172.17.0.1 gateway6="" name=veth1-xray
/interface veth add address=172.17.0.3/24 gateway=172.17.0.1 gateway6="" name=veth2-tun
Create a bridge for the virtual Ethernet (veth) interfaces and assign it an IP:
/interface/bridge/add name=containers
/ip/address/add address=172.17.0.1/24 network=172.17.0.0 interface=containers
Add the veth interfaces to the bridge:
/interface/bridge/port add bridge=containers interface=veth1-xray
/interface/bridge/port add bridge=containers interface=veth2-tun
Add the bridge to the LAN list:
/interface list member add interface=containers list=LAN
Create a routing table for tagged traffic:
/routing table add disabled=no fib name=proxy_mark
Set up NAT for outgoing traffic:
/ip firewall nat add action=masquerade chain=srcnat comment="Containers through NAT" out-interface-list=WAN src-address=172.17.0.0/24
Set up a firewall rule for marking the traffic for routing:
/ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=route_proxy new-routing-mark=proxy_mark passthrough=yes
# Optional:
/ip firewall mangle add action=change-mss chain=forward new-mss=clamp-to-pmtu out-interface=containers passthrough=yes protocol=tcp tcp-flags=syn
Add the resources to the address list:
/ip firewall address-list add address=microsoft.com list=route_proxy
/ip firewall address-list add address=www.microsoft.com list=route_proxy
Add routing for tagged traffic:
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.17.0.3 routing-table=proxy_mark
Set environment variables for the Xray Vless container:
/container envs add key=SOCKS_PORT name=vless value=@port@
/container envs add key=REMOTE_ADDRESS name=vless value=@your_address/ip_vps@
/container envs add key=REMOTE_PORT name=vless value=443
/container envs add key=ID name=vless value=@ID_from_panel_3x-ui@
/container envs add key=ENCRYPTION name=vless value=none
/container envs add key=FLOW name=vless value=xtls-rprx-vision
/container envs add key=FINGER_PRINT name=vless value=chrome
/container envs add key=SERVER_NAME name=vless value=@the_domain_you're_masquerading_as@
/container envs add key=PUBLIC_KEY name=vless value=@PUBLIC_KEY@
/container envs add key=SHORT_ID name=vless value=@SHORT_ID@
Set environment variables for the Tun container:
/container envs add key=SOCKS5_ADDR name=tun value=172.17.0.2
/container envs add key=SOCKS5_PORT name=tun value=@port@
/container envs add key=SOCKS5_UDP_MODE name=tun value=udp
/container envs add key=LOCAL_ROUTE name=tun value="ip r a @your_network@ via 172.17.0.1"
Finally, add the containers, making sure to specify the installation path from the hub or file location:
/container add dns=@your_network@ envlist=vless interface=veth1-xray root-dir=@your_directory_sample/usb1/Containers/vless-mikrotik@ start-on-boot=yes workdir=/root
/container add envlist=tun interface=veth2-tun root-dir=@your_directory_sample/usb1/Containers/Hev-Tun@ start-on-boot=yes
Thanks again to Snegowiki for providing these resources:
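Added example, not part of the post above and not code from the container images it uses: a Python pre-flight check that parses the RouterOS commands from these steps and reports unfilled @...@ placeholders and cross-references that disagree (SOCKS port, SOCKS5 address, bridge subnet, routing mark, address list). The sample input is constructed from the post's commands; port 1080 is an assumed value, and the function name check is hypothetical.

```python
import ipaddress
import re
# Constructed sample from the post's commands; 1080 is an assumed port, one @port@ is left unfilled.
SAMPLE = """\
/interface veth add address=172.17.0.2/24 gateway=172.17.0.1 gateway6="" name=veth1-xray
/interface veth add address=172.17.0.3/24 gateway=172.17.0.1 gateway6="" name=veth2-tun
/ip/address/add address=172.17.0.1/24 network=172.17.0.0 interface=containers
/routing table add disabled=no fib name=proxy_mark
/ip firewall mangle add action=mark-routing chain=prerouting dst-address-list=route_proxy new-routing-mark=proxy_mark passthrough=yes
/ip firewall address-list add address=microsoft.com list=route_proxy
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=172.17.0.3 routing-table=proxy_mark
/container envs add key=SOCKS_PORT name=vless value=1080
/container envs add key=SOCKS5_ADDR name=tun value=172.17.0.2
/container envs add key=SOCKS5_PORT name=tun value=@port@
"""

def check(script):
    """Return findings; an empty list means the cross-references agree."""
    rows = [(l, dict(re.findall(r'(\S+?)=("[^"]*"|\S*)', l)))
            for l in script.splitlines() if l.startswith("/")]
    # Select rows by menu path; "/ip/address/add" and "/ip address add" both match.
    pick = lambda w: [kv for l, kv in rows if w in l.split("=")[0].replace("/", " ")]
    out = [f"unfilled placeholder in {k}={v}" for _, kv in rows
           for k, v in kv.items() if re.search(r"@[^@\s]+@", v)]
    env = {(kv["name"], kv["key"]): kv["value"] for kv in pick("container envs")}
    veth = {kv["address"].split("/")[0] for kv in pick("veth add")}
    for br in pick("ip address"):
        net = ipaddress.ip_interface(br["address"])
        for v in pick("veth add"):
            if ipaddress.ip_interface(v["address"]).network != net.network or v["gateway"] != str(net.ip):
                out.append(f"{v['name']} is off the bridge subnet or has another gateway")
    if env.get(("vless", "SOCKS_PORT")) != env.get(("tun", "SOCKS5_PORT")):
        out.append("tun SOCKS5_PORT differs from vless SOCKS_PORT")
    socks = env.get(("tun", "SOCKS5_ADDR"))
    if socks not in veth:
        out.append("tun SOCKS5_ADDR is not a veth address")
    tables = {kv["name"] for kv in pick("routing table")}
    lists = {kv["list"] for kv in pick("address-list")}
    for m in [x for x in pick("mangle") if "new-routing-mark" in x]:
        mark = m["new-routing-mark"]
        gws = [r["gateway"] for r in pick("ip route") if r.get("routing-table") == mark]
        if mark not in tables or not gws:
            out.append(f"routing mark {mark} has no table or no route")
        # Marked traffic must enter the tun container, not the Xray SOCKS container.
        if any(g == socks or g not in veth for g in gws):
            out.append(f"route for {mark} does not point at the tun veth")
        if m.get("dst-address-list") not in lists:
            out.append(f"address list {m.get('dst-address-list')} has no entries")
    return out
```

Paste the filled-in commands into a string and pass it to check() before entering them on the router; the mangle rule without new-routing-mark (the optional change-mss one) is skipped.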