/container/mounts add dst=/etc/xray/config.json src=/path/to/your/config.json name=xray-config
Obfuscation protocols (like WS+TLS) require heavy encryption. Monitor your CPU usage under /system/resource/print . If it hits 100%, consider offloading the container to a dedicated single-board computer (like a Raspberry Pi) and using the MikroTik strictly for routing.
"inbounds": [ "port": 10808, "protocol": "socks", "settings": "auth": "noauth", "udp": true , "sniffing": "enabled": true, "destOverride": ["http", "tls"] , "port": 12345, "protocol": "dokodemo-door", "settings": "network": "tcp,udp", "followRedirect": true ], "outbounds": [ "protocol": "vmess", "settings": "vnext": [ "address": "your.server.ip.or.domain", "port": 443, "users": [ "id": "YOUR-V2RAY-UUID-HERE", "alterId": 0, "security": "auto" ] ] , "streamSettings": "network": "ws", "security": "tls", "wsSettings": "path": "/yourpath" ] Use code with caution.
For security reasons, MikroTik requires physical access or a cold boot to enable container features. Open the MikroTik terminal and run: /system/device-mode/update container=yes Use code with caution.
Set the inbound configuration in /usr/local/etc/v2ray/config.json to use the dokodemo-door protocol, listening on port 12345 . Ensure IP forwarding is enabled on the Linux host: sysctl -w net.ipv4.ip_forward=1 Use code with caution. v2ray mikrotik
--
"inbounds": [ "port": 443, "protocol": "vless", "settings": "clients": [ "id": "UUID", "flow": "" ] , "streamSettings": "network": "ws", "wsSettings": "path": "/ray" , "security": "tls", "tlsSettings": "certificates": [ "certificateFile": "/etc/letsencrypt/live/example.com/fullchain.pem", "keyFile": "/etc/letsencrypt/live/example.com/privkey.pem" ]
[ Local Devices ] │ ▼ [ MikroTik Router ] ──(Mangle Rule / Route)──► [ Local V2Ray Gateway ] │ │ (Normal Traffic) (Proxy Traffic) │ │ ▼ ▼ [ Public Internet ] [ V2Ray Server ] Phase 1: Configuring the Local V2Ray Gateway
# Add a routing mark for proxied traffic /ip firewall mangle add chain=prerouting src-address=192.168.88.0/24 dst-address=!192.168.88.10 \ protocol=tcp action=mark-routing new-routing-mark=v2ray-mark /container/mounts add dst=/etc/xray/config
"port": 1080, "protocol": "socks", "settings": "auth": "noauth", "udp": true
On your gateway (IP: 192.168.88.10), run V2Ray with this inbound:
/ip firewall filter add chain=forward action=accept in-interface=dockers out-interface-list=WAN /ip firewall filter add chain=forward action=accept in-interface-list=WAN out-interface=dockers
Slow browser speed. Solution: Disable TCP Segmentation Offloading on MikroTik interfaces. V2Ray does its own packet assembly. Set the inbound configuration in /usr/local/etc/v2ray/config
Running containers can be resource-intensive. Always monitor your CPU and RAM usage in RouterOS to ensure the V2Ray process doesn't destabilize your primary routing functions.
MikroTik uses "Mangle" rules to flag packets matching your proxy list.
V2Ray is a platform that provides a flexible and customizable way to circumvent internet censorship and surveillance. It's an open-source project that allows users to create a personalized proxy server, enabling them to access blocked websites, encrypt internet traffic, and mask their IP addresses. V2Ray supports various protocols, including VMess, VLESS, and Trojan, making it a versatile tool for users seeking online freedom.
Run /container/print and ensure status reads running .
Remote V2Ray server + MikroTik as gateway/router