local DOH DOT with coredns

# Corefile
.:53{
    forward . tls://1.1.1.1 tls://1.0.0.1 {
        tls_servername cloudflare-dns.com
    }
}
https://.:443 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}
tls://.:853 {
    tls /etc/coredns/certs/domain.tld.crt /etc/coredns/certs/domain.tld.key
    forward . 127.0.0.1
}


$ docker run --rm -d --name coredns \
    -p 443:443/tcp -p 853:853/tcp \
    -v $PWD/Corefile:/etc/coredns/Corefile \
    -v $PWD/domain.tld.crt:/etc/coredns/certs/domain.tld.crt \
    -v $PWD/domain.tld.key:/etc/coredns/certs/domain.tld.key \
    coredns/coredns:latest \
    -conf /etc/coredns/Corefile

 

 https://coredns.io/plugins/tls/

local DOH DOT with adguard/dnsproxy

$ docker run --rm -d --name dnsproxy \

-p 53:53/udp -p 53:53/tcp -p 443:443/tcp -p 853:853/tcp \

-v $PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt \

-v $PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key \

adguard/dnsproxy:latest \

-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \

--https-port=443 --tls-port=853 \

--tls-crt=/opt/dnsproxy/domain.tld.crt \

--tls-key=/opt/dnsproxy/domain.tld.key

# Add -p 0 if you also want to disable plain-DNS handling and make dnsproxy only serve DoH with Basic Auth checking.

$ docker run --rm -d --name dnsproxy \

-p 443:443/tcp -p 853:853/tcp \

-v $PWD/domain.tld.crt:/opt/dnsproxy/domain.tld.crt \

-v $PWD/domain.tld.key:/opt/dnsproxy/domain.tld.key \

adguard/dnsproxy:latest \

-u https://dns.adguard.com/dns-query -b 1.1.1.1:53 \

--https-port=443 --tls-port=853 \

--tls-crt=/opt/dnsproxy/domain.tld.crt \

--tls-key=/opt/dnsproxy/domain.tld.key \

-p 0

https://hub.docker.com/r/adguard/dnsproxy

https://github.com/AdguardTeam/dnsproxy

Running cloudflared tunnel on mikrotik container 96MB tmpfs

Testing hardware

- hAP ax lite 

/interface veth

add address=10.0.0.20/24 gateway=10.0.0.1 name=cf-tunnel

/interface bridge port

add bridge=br-lan interface=cf-tunnel

/disk

add slot=tmpfs tmpfs-max-size=96M type=tmpfs

/container config

set registry-url=https://registry-1.docker.io tmpdir=tmpfs

/system script

add name=addCloudflared source=":delay 20s\

    \n/container remove [find tag~\"cloudflared\"]\

    \n:delay 5s\

    \n/container add remote-image=intrasistema/cloudflared-arm-mikrotik:latest interface=cloudflared root-dir=tmpfs logging=yes cmd=\"cloudflared tunnel --no-autoupdate run --token XXX\"\

    \n:delay 10s\

    \nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\

    \n    :delay 10s\

    \n    /container start [find tag~\"cloudflared\"]\

    \n}"

add name=restartCloudflared source=\

    "/container stop [find tag~\"cloudflared\"]\

    \nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\

    \n    :delay 3s\

    \n    /container start [find tag~\"cloudflared\"]\

    \n}"

    

/system scheduler

add name=startCloudflare on-event=addCloudflared start-time=startup

# update cloudflared

/container/shell [find tag~"cloudflared"]

/ # cloudflared update

/ # exit

/system/script/run restartCloudflared

Running cloudflared tunnel on mikrotik container 128MB tmpfs

Testing hardware

- hAP ax² 

/interface veth

add address=10.0.0.20/24 gateway=10.0.0.1 name=cf-tunnel

/interface bridge port

add bridge=br-lan interface=cf-tunnel

/disk

add slot=tmpfs tmpfs-max-size=128M type=tmpfs

/container config

set registry-url=https://registry-1.docker.io tmpdir=tmpfs

/system script

add name=addCloudflared source=":delay 20s\

    \n/container remove [find tag~\"cloudflared\"]\

    \n:delay 5s\

    \n/container add remote-image=cloudflare/cloudflared root-dir=tmpfs interface=cf-tunnel logging=yes cmd=\"tunnel --no-autoupdate run --token XXX\"\

    \n:delay 30s\

    \nwhile ([/container get [find tag~\"cloudflare\"] status] != \"running\") do={\

    \n    :delay 10s\

    \n    /container start [find tag~\"cloudflared\"]\

    \n}"

/system scheduler

add name=startCloudflare on-event=addCloudflared start-time=startup

Running cloudflared tunnel on mikrotik container with 128 MB storage

 Testing hardware

- hAP ax lite

- hAP ax² 

/container/add interface=veth-cf-tunnel remote-image=alpine cmd="sleep infinity" start-on-boot=yes logging=yes

/container/start number=0

/container/shell number=0

# apk add --no-cache ca-certificates curl && curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm -o /usr/local/bin/cloudflared && chmod +x /usr/local/bin/cloudflared && apk del curl ca-certificates && rm -rf /var/cache/apk/* /tmp/* /var/lib/apt/lists/* /usr/share/man /usr/share/doc /usr/share/doc-base

# exit

/container/stop number=0

/container/set numbers=0 cmd="cloudflared tunnel --no-autoupdate run --token XXX"

/container/start number=0
 
 
Note : select binary depend on your architecture
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-arm64
- https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64

Mikrotik CHR on debian with qemu-kvm

sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst libvirt-daemon

sudo apt install cpu-checker vim unzip

sudo vi /etc/network/interfaces

iface enp1s0 inet manual

auto vmbr0

iface vmbr0 inet dhcp

        bridge-ports enp1s0

        bridge-stp off

        bridge-fd 0

        bridge_maxwait 0

auto vmbr1

iface vmbr1 inet static

        address 10.0.0.20/24

        bridge-ports none

        bridge-stp off

        bridge-fd 0

        bridge_maxwait 0

  

sudo systemctl restart networking

wget https://download.mikrotik.com/routeros/7.15.3/chr-7.15.3.img.zip

unzip chr-7.15.3.img.zip

sudo mv chr-7.15.3.img /var/lib/libvirt/images/

sudo virt-install \

--name mikrotik \

--ram 512 \

--disk path=/var/lib/libvirt/images/chr-7.15.3.img,format=raw \

--vcpus 1 \

--os-variant debian10 \

--network bridge=vmbr0 \

--network bridge=vmbr1 \

--graphics none \

--console pty,target_type=serial \

--import

sudo virsh autostart mikrotik

sudo virsh console mikrotik

sudo virsh reset mikrotik

sudo virsh reboot mikrotik

sudo virsh start mikrotik

sudo virsh shutdown mikrotik

 

ref : https://reintech.io/blog/installing-using-kvm-virtualization-debian-12

Mikrotik RouterOS donwload script

Script download latest RouterOS (Main Package and Extra Package)
for architectures

- x86

- arm64

- arm

- mipsbe

- mmips

- ppc

- smips

and check existing local file before download

https://github.com/leakung/getRouterOS