12 ตุลาคม 2567

local DOH DOT with coredns

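# Corefile
# Internal plain-DNS listener: forwards every query to Cloudflare over
# DNS-over-TLS, using cloudflare-dns.com as the TLS server name.
# With the docker command shown below only 443 and 853 are published, so this
# listener is reachable only from inside the container.
.:53 {
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
}
# DNS-over-HTTPS listener; terminates TLS with the local certificate and hands
# queries to the plain-DNS listener above on 127.0.0.1.
# NOTE(review): no client restriction is configured. If 443/853 are reachable
# from untrusted networks, limit access at the firewall or with the CoreDNS
# acl plugin. Keep the private key file readable only by the CoreDNS user.
https://.:443 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}
# DNS-over-TLS listener; same certificate and same internal upstream.
tls://.:853 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}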


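# Run CoreDNS with the Corefile, certificate and key bind-mounted from the
# current directory. Only the DoH (443) and DoT (853) ports are published.
# The mounts are read-only so the container cannot modify the key material,
# and the paths are quoted so a working directory containing spaces still works.
# NOTE(review): coredns/coredns:latest is a mutable tag; pin a specific
# release tag for a reproducible deployment.
$ docker run --rm -d --name coredns \
    -p 443:443/tcp -p 853:853/tcp \
    -v "$PWD/Corefile:/etc/coredns/Corefile:ro" \
    -v "$PWD/domain.tld.crt:/etc/coredns/certs/domain.tld.crt:ro" \
    -v "$PWD/domain.tld.key:/etc/coredns/certs/domain.tld.key:ro" \
    coredns/coredns:latest \
    -conf /etc/coredns/Corefile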

 

 https://coredns.io/plugins/tls/

local DOH DOT with adguard/dnsproxy

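# Run dnsproxy serving plain DNS (53), DoH (443) and DoT (853).
# Everything after the image name is passed to dnsproxy: -u is the upstream
# (AdGuard DoH) and -b is the bootstrap resolver for the upstream's hostname.
# Certificate and key are mounted read-only, and the paths are quoted.
# NOTE(review): port 53 is published on every host interface with no client
# restriction. If the host is reachable from untrusted networks, limit access
# at the firewall or bind the published ports to a specific address.
# NOTE(review): adguard/dnsproxy:latest is a mutable tag; pin a release tag
# for a reproducible deployment.
$ docker run --rm -d --name dnsproxy \
-p 53:53/udp -p 53:53/tcp -p 443:443/tcp -p 853:853/tcp \
-v "$PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt:ro" \
-v "$PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key:ro" \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key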


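# Add -p 0 if you also want to disable plain-DNS handling, so that dnsproxy serves only the encrypted DoH/DoT listeners. Note that the command below does not enable Basic Auth checking; for DoH that additionally requires dnsproxy's --https-userinfo option.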

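# Same as the previous dnsproxy command, but without a plain-DNS listener:
# docker publishes only 443 and 853, and the trailing "-p 0" is a dnsproxy
# argument (it follows the image name, so it is not docker's -p) that turns
# off the plain-DNS port.
# Certificate and key are mounted read-only, and the paths are quoted.
# NOTE(review): adguard/dnsproxy:latest is a mutable tag; pin a release tag
# for a reproducible deployment.
$ docker run --rm -d --name dnsproxy \
-p 443:443/tcp -p 853:853/tcp \
-v "$PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt:ro" \
-v "$PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key:ro" \
adguard/dnsproxy:latest \
-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \
--https-port=443 --tls-port=853 \
--tls-crt=/opt/dnsproxy/domain.tld.crt \
--tls-key=/opt/dnsproxy/domain.tld.key \
-p 0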

https://hub.docker.com/r/adguard/dnsproxy
https://github.com/AdguardTeam/dnsproxy

05 กันยายน 2567

Running cloudflared tunnel on mikrotik container 96MB tmpfs

Testing hardware
- hAP ax lite 

# Virtual ethernet interface for the container, addressed in 10.0.0.0/24.
/interface veth
add address=10.0.0.20/24 gateway=10.0.0.1 name=cf-tunnel

# Attach the veth to the LAN bridge. The container becomes a peer on br-lan;
# NOTE(review): add firewall/bridge filter rules if the tunnel should only
# reach specific hosts.
/interface bridge port
add bridge=br-lan interface=cf-tunnel

# RAM-backed disk (at most 96M) used for image extraction and the container root.
/disk
add slot=tmpfs tmpfs-max-size=96M type=tmpfs

# Pull images from Docker Hub and unpack them on the tmpfs disk.
/container config
set registry-url=https://registry-1.docker.io tmpdir=tmpfs

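# addCloudflared: waits, removes any existing cloudflared container, re-creates
# it from the remote image with its root on tmpfs, then keeps issuing "start"
# until the container reports status "running".
# interface= names the veth created above (cf-tunnel), and every tag match uses
# the same pattern "cloudflared".
# NOTE(review): replace XXX with the tunnel token. The token is stored in the
# script source and in the container cmd, so anyone who can read the router
# configuration, exports or backups can read it; treat those as secrets.
# NOTE(review): intrasistema/cloudflared-arm-mikrotik:latest is a third-party
# image pulled by mutable tag on every run of this script, and it receives the
# tunnel token. Review the image and pin a version tag if one is offered.
/system script
add name=addCloudflared source=":delay 20s\
    \n/container remove [find tag~\"cloudflared\"]\
    \n:delay 5s\
    \n/container add remote-image=intrasistema/cloudflared-arm-mikrotik:latest interface=cf-tunnel root-dir=tmpfs logging=yes cmd=\"cloudflared tunnel --no-autoupdate run --token XXX\"\
    \n:delay 10s\
    \nwhile ([/container get [find tag~\"cloudflared\"] status] != \"running\") do={\
    \n    :delay 10s\
    \n    /container start [find tag~\"cloudflared\"]\
    \n}"

# restartCloudflared: stops the container, then keeps issuing "start" until it
# reports status "running".
add name=restartCloudflared source=\
    "/container stop [find tag~\"cloudflared\"]\
    \nwhile ([/container get [find tag~\"cloudflared\"] status] != \"running\") do={\
    \n    :delay 3s\
    \n    /container start [find tag~\"cloudflared\"]\
    \n}"

# Run addCloudflared at every boot; the tmpfs root does not persist, so the
# container is re-created each time.
/system scheduler
add name=startCloudflare on-event=addCloudflared start-time=startup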

# update cloudflared
# Open a shell inside the running container, run cloudflared's self-update
# there, then leave the shell.
# NOTE(review): the container root is on tmpfs and the startup script re-pulls
# the image, so an update done this way presumably does not survive a reboot;
# confirm.
/container/shell [find tag~"cloudflared"]
/ # cloudflared update
/ # exit

# Stop and start the container again through the restartCloudflared script.
/system/script/run restartCloudflared

Running cloudflared tunnel on mikrotik container 128MB tmpfs

Testing hardware
- hAP ax² 

# Virtual ethernet interface for the container, addressed in 10.0.0.0/24.
/interface veth
add address=10.0.0.20/24 gateway=10.0.0.1 name=cf-tunnel

# Attach the veth to the LAN bridge. The container becomes a peer on br-lan;
# NOTE(review): add firewall/bridge filter rules if the tunnel should only
# reach specific hosts.
/interface bridge port
add bridge=br-lan interface=cf-tunnel

# RAM-backed disk (at most 128M) used for image extraction and the container root.
/disk
add slot=tmpfs tmpfs-max-size=128M type=tmpfs

# Pull images from Docker Hub and unpack them on the tmpfs disk.
/container config
set registry-url=https://registry-1.docker.io tmpdir=tmpfs

# addCloudflared: waits, removes any existing cloudflared container, re-creates
# it from the cloudflare/cloudflared image with its root on tmpfs and attached
# to the cf-tunnel veth, then keeps issuing "start" until the container
# reports status "running".
# The status check matches tag~"cloudflare" while the other commands match
# tag~"cloudflared"; both patterns match the same container here.
# NOTE(review): replace XXX with the tunnel token. The token is stored in the
# script source and in the container cmd, so anyone who can read the router
# configuration, exports or backups can read it; treat those as secrets.
# NOTE(review): the image is pulled without a tag on every run of this script;
# pin a specific release tag for a reproducible deployment.
/system script
add name=addCloudflared source=":delay 20s\
    \n/container remove [find tag~\"cloudflared\"]\
    \n:delay 5s\
    \n/container add remote-image=cloudflare/cloudflared root-dir=tmpfs interface=cf-tunnel logging=yes cmd=\"tunnel --no-autoupdate run --token XXX\"\
    \n:delay 30s\
    \nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\
    \n    :delay 10s\
    \n    /container start [find tag~\"cloudflared\"]\
    \n}"

# Run addCloudflared at every boot; the tmpfs root does not persist, so the
# container is re-created each time.
/system scheduler
add name=startCloudflare on-event=addCloudflared start-time=startup

15 สิงหาคม 2567

Running cloudflared tunnel on mikrotik container with 128 MB storage

 Testing hardware
- hAP ax lite
- hAP ax² 


# Create an Alpine container whose command just sleeps, so that a shell can be
# opened in it and cloudflared installed by hand.
# NOTE(review): interface=veth-cf-tunnel must already exist; its creation is
# not shown in this post.
/container/add interface=veth-cf-tunnel remote-image=alpine cmd="sleep infinity" start-on-boot=yes logging=yes

# number=0 addresses the first container in the list; presumably this assumes
# no other container is defined. Confirm with /container/print.
/container/start number=0

# Open an interactive shell inside the container.
/container/shell number=0

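# # Inside the container shell ("# " is the root prompt). curl -f makes the download fail on an HTTP error instead of saving the error page as the binary.
# apk add --no-cache ca-certificates curl && curl -fL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared && apk del curl ca-certificates && rm -rf /var/cache/apk/* /tmp/* /var/lib/apt/lists/* /usr/share/man /usr/share/doc /usr/share/doc-base

# sha256sum /usr/local/bin/cloudflared   # compare with the SHA256 checksum listed for that cloudflared release before running the binary

# exit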

# Stop the idle container, replace its "sleep infinity" command with the
# tunnel command, and start it again.
/container/stop number=0

# NOTE(review): replace XXX with the tunnel token. It is stored in the
# container configuration, so treat router exports and backups as secrets.
/container/set numbers=0 cmd="cloudflared tunnel --no-autoupdate run --token XXX"

/container/start number=0
 
 
Note: select the binary that matches your architecture
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64

31 กรกฎาคม 2567

Mikrotik CHR on debian with qemu-kvm

# Install QEMU/KVM, libvirt, bridge utilities and virt-install.
sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst libvirt-daemon
# Helper tools: cpu-checker (provides kvm-ok), vim, and unzip for the CHR image archive.
sudo apt install cpu-checker vim unzip

# Edit the host network configuration to define the two bridges shown next.
sudo vi /etc/network/interfaces

# Physical NIC: no address of its own, it only serves as a bridge port.
iface enp1s0 inet manual

# vmbr0: bridge over the physical NIC, addressed by DHCP. A VM attached here
# is directly on the same network as the host.
auto vmbr0
iface vmbr0 inet dhcp
        bridge-ports enp1s0
        bridge-stp off
        bridge-fd 0
        bridge_maxwait 0

# vmbr1: bridge with no physical port (host-internal), host address 10.0.0.20/24.
auto vmbr1
iface vmbr1 inet static
        address 10.0.0.20/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge_maxwait 0
  
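# Apply the bridge configuration. If run over SSH, the session may drop while
# the interfaces are reconfigured.
sudo systemctl restart networking

# Download the RouterOS CHR 7.15.3 raw disk image.
wget https://download.mikrotik.com/routeros/7.15.3/chr-7.15.3.img.zip
# Print the archive's digest and compare it with the checksum MikroTik
# publishes for this file before unpacking and booting it.
sha256sum chr-7.15.3.img.zip
unzip chr-7.15.3.img.zip

# Move the image into libvirt's default image directory.
sudo mv chr-7.15.3.img /var/lib/libvirt/images/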

# Define and boot the CHR VM from the existing raw image (--import: no
# installer run), with 512 MB RAM, 1 vCPU and a serial console instead of
# graphics.
# The first NIC attaches to vmbr0 (bridged to the physical NIC enp1s0), the
# second to vmbr1 (the host-internal bridge).
# NOTE(review): --os-variant debian10 is only a hint for libvirt's device
# defaults; RouterOS is not Debian.
sudo virt-install \
--name mikrotik \
--ram 512 \
--disk path=/var/lib/libvirt/images/chr-7.15.3.img,format=raw \
--vcpus 1 \
--os-variant debian10 \
--network bridge=vmbr0 \
--network bridge=vmbr1 \
--graphics none \
--console pty,target_type=serial \
--import

# Start the VM automatically when the libvirt host boots.
sudo virsh autostart mikrotik

# Day-to-day management commands (a reference list, not a sequence to run in order).
# Attach to the VM's serial console.
# NOTE(review): a fresh RouterOS install typically has an admin account with
# no password; set one from this console first, because the VM's first NIC is
# bridged to the physical network.
sudo virsh console mikrotik
# Hard reset, without a guest shutdown.
sudo virsh reset mikrotik
# Ask the guest to reboot.
sudo virsh reboot mikrotik
# Power the VM on.
sudo virsh start mikrotik
# Ask the guest to shut down gracefully.
sudo virsh shutdown mikrotik
 

ref : https://reintech.io/blog/installing-using-kvm-virtualization-debian-12

22 มิถุนายน 2567

Mikrotik RouterOS download script

A script that downloads the latest RouterOS (Main Package and Extra Package)
for these architectures:
- x86
- arm64
- arm
- mipsbe
- mmips
- ppc
- smips

It checks for an existing local file before downloading.

https://github.com/leakung/getRouterOS