VyOS is an open source network operating system based on Debian GNU/Linux.
V2ray is one of the most powerful and flexible pieces of free software written in Go, and it has helped a lot of Chinese people reach blocked sites and resources.
My router is a MikroTik RB4011. Since it is a closed commercial system we have no way to install any third-party service on it, and although many VPN protocols are natively supported, none of them is a wise choice for crossing the GFW. (You know that 🙂 )
For years I used OpenWrt as the gateway and DNS server, and yes, it is flexible, but it is maintained by a Chinese guy called Lean, so the X luci-app gets randomly dropped whenever there is news related to internet inspection. We can still keep it, but we have to find an alternative.
Some may prefer Debian, but it is not designed as a router system. To make it work we have to install extra services and add long iptables rules.
I personally prefer a simple and stable solution. VyOS is the one!
Firstly, I strongly suggest installing a virtualization environment like Proxmox/ESXi/Unraid etc.
Let's start with Proxmox (PVE for short):
https://downloads.vyos.io -- download old and rolling versions directly
https://docs.vyos.io/en/latest/contributing/build-vyos.html -- build your own stable version
Here we use the latest rolling version (1.3.x); download the image from: https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
Installing VyOS:
1, Upload the VyOS ISO file to PVE. (local -> Content -> Upload)
2, Create a virtual machine with the uploaded file: Create VM -> give it a name -> ISO image: choose the one uploaded before -> System: leave it as default -> CPU: 2 cores -> Hard Disk: more than 2 GB -> Memory: more than 1 GB -> Network: VirtIO -> Confirm.
3, Start the VM and click "Console" to log in to VyOS.
4, After it boots automatically it is running from the live ISO and is not really installed yet; type "install image" to install it.
vyos@vyos:~$ install image
Welcome to the VyOS install program. This script
will walk you through the process of installing the
VyOS image to a local hard drive.
Would you like to continue? (Yes/No) [Yes]: Yes
Probing drives: OK
Looking for pre-existing RAID groups...none found.
The VyOS image will require a minimum 2000MB root.
Would you like me to try to partition a drive automatically
or would you rather partition it manually with parted? If
you have already setup your partitions, you may skip this step
Partition (Auto/Parted/Skip) [Auto]:
I found the following drives on your system:
sda 4294MB
Install the image on? [sda]:
This will destroy all data on /dev/sda.
Continue? (Yes/No) [No]: Yes
How big of a root partition should I create? (2000MB - 4294MB) [4294]MB:
Creating filesystem on /dev/sda1: OK
Done!
Mounting /dev/sda1...
What would you like to name this image? [1.2.0-rolling+201809210337]:
OK. This image will be named: 1.2.0-rolling+201809210337
Copying squashfs image...
Copying kernel and initrd images...
Done!
I found the following configuration files:
/opt/vyatta/etc/config.boot.default
Which one should I copy to sda? [/opt/vyatta/etc/config.boot.default]:
Copying /opt/vyatta/etc/config.boot.default to sda.
Enter password for administrator account
Enter password for user 'vyos':
Retype password for user 'vyos':
I need to install the GRUB boot loader.
I found the following drives on your system:
sda 4294MB
Which drive should GRUB modify the boot partition on? [sda]:
Setting up grub: OK
Done!
5, Now we have VyOS installed.
6, Configure VyOS
enable configuration mode
config
set login password
set system login user vyos authentication plaintext-password xxxxxx
set eth0 static IP
set interfaces ethernet eth0 description 'LAN'
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 address 10.0.0.100/24
enable SSH access on port 22
set service ssh port 22
commit
save
exit
Installing v2ray
Since VyOS is a customized system on top of Debian, we need to install v2ray manually.
switch to root user
sudo su
apt install unzip
apt install curl
download v2ray through the SOCKS5 proxy that is already reachable on the LAN (10.0.0.11:23456 here); the release file is v2ray-linux-64.zip, so unzip that name
cd /tmp
curl --socks5-hostname 10.0.0.11:23456 -LJO https://github.com/v2ray/v2ray-core/releases/download/v4.23.1/v2ray-linux-64.zip
unzip v2ray-linux-64.zip -d v2ray-linux-64
cd v2ray-linux-64
create the target directories first, then copy the unit file, binaries, geo data and the sample config into place
mkdir -p /usr/bin/v2ray /etc/v2ray
cp systemd/v2ray.service /usr/lib/systemd/system/
cp v2ray /usr/bin/v2ray/v2ray
cp v2ctl /usr/bin/v2ray/v2ctl
cp geoip.dat /usr/bin/v2ray/geoip.dat
cp geosite.dat /usr/bin/v2ray/geosite.dat
cp vpoint_vmess_freedom.json /etc/v2ray/config.json
systemctl daemon-reload
systemctl enable v2ray
systemctl start v2ray
systemctl status v2ray
V2ray can decide automatically, per connection and per DNS query, whether to proxy or go direct, based on the geoip and geosite data files.
Here is the reference config:
nano /etc/v2ray/config.json
The outbound uses H2 over TLS (https://guide.v2fly.org/advanced/h2_tls_web.html); you can configure it as you want.
{
  "log": {
    "loglevel": "info"
  },
  "inbounds": [
    {
      "protocol": "socks",
      "listen": "127.0.0.1",
      "port": 1088,
      "settings": {
        "udp": true,
        "auth": "noauth"
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    },
    {
      "port": 1080,
      "listen": "127.0.0.1",
      "protocol": "http",
      "auth": "password",
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      },
      "settings": {
        "accounts": [ // http proxy with auth
          {
            "user": "xxx",
            "pass": "xxx"
          }
        ]
      }
    },
    {
      "tag": "transparent",
      "port": 12345,
      "protocol": "dokodemo-door",
      "settings": {
        "network": "tcp,udp",
        "followRedirect": true
      },
      "sniffing": {
        "enabled": true,
        "destOverride": ["http", "tls"]
      }
    },
    {
      "port": 5353,
      "protocol": "dokodemo-door",
      "settings": {
        "address": "8.8.8.8",
        "port": 53,
        "network": "tcp,udp",
        "followRedirect": false
      }
    }
  ],
  "outbounds": [
    {
      "protocol": "vmess",
      "settings": {
        "vnext": [
          {
            "address": "domain",
            "port": 443,
            "users": [
              {
                "id": "UUID",
                "alterId": 64,
                "security": "auto"
              }
            ]
          }
        ]
      },
      "tag": "proxy",
      "streamSettings": {
        "network": "h2",
        "httpSettings": {
          "host": ["hostname"],
          "path": "/xxx"
        },
        "security": "tls"
      },
      "mux": {}
    },
    {
      "protocol": "dns",
      "tag": "dns-out"
    },
    {
      "protocol": "freedom",
      "tag": "direct",
      "settings": {
        "domainStrategy": "UseIP"
      }
    },
    {
      "protocol": "blackhole",
      "tag": "reject",
      "settings": {
        "response": {
          "type": "http"
        }
      }
    }
  ],
  "dns": {
    "servers": [
      "8.8.8.8",
      "1.1.1.1",
      "114.114.114.114",
      {
        "address": "223.5.5.5",
        "port": 53,
        "domains": [
          "geosite:cn",
          "ntp.org",
          "$myserver.address"
        ]
      }
    ]
  },
  "routing": {
    "domainStrategy": "IPOnDemand",
    "rules": [
      {
        "type": "field",
        "inboundTag": ["transparent"],
        "port": 53,
        "network": "udp",
        "outboundTag": "dns-out"
      },
      {
        "type": "field",
        "inboundTag": ["transparent"],
        "port": 123,
        "network": "udp",
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["223.5.5.5", "114.114.114.114"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["8.8.8.8", "1.1.1.1"],
        "outboundTag": "proxy"
      },
      {
        "type": "field",
        "domain": ["geosite:category-ads-all"],
        "outboundTag": "reject" // must match the blackhole outbound's tag above
      },
      {
        "type": "field",
        "protocol": ["bittorrent"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "ip": ["geoip:private", "geoip:cn"],
        "outboundTag": "direct"
      },
      {
        "type": "field",
        "domain": ["geosite:cn"],
        "outboundTag": "direct"
      }
    ]
  }
}
service v2ray restart
service v2ray status
check that v2ray is running correctly
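One sanity check worth running on config.json before the restart: every routing rule's outboundTag must name an outbound that actually exists, because v2ray does not fail on an unknown tag; it logs a warning and sends that traffic to the default (first) outbound instead. The small linter below is an added example, not part of the original post or of v2ray itself; the embedded config is a constructed, cut-down version of the post's routing section.

```python
import json
import re
# Constructed sample, not the post's full config: it keeps a "block" vs "reject" tag mismatch
# and adds a rule whose inboundTag names nothing, so the linter has something to report.
SAMPLE_CONFIG = r"""
{
  "inbounds": [
    {"tag": "transparent", "port": 12345, "protocol": "dokodemo-door"},
    {"port": 5353, "protocol": "dokodemo-door"}
  ],
  "outbounds": [
    {"protocol": "vmess", "tag": "proxy"},
    {"protocol": "dns", "tag": "dns-out"},
    {"protocol": "freedom", "tag": "direct"},
    {"protocol": "blackhole", "tag": "reject"}  // v2ray accepts // comments, json.loads does not
  ],
  "routing": {
    "rules": [
      {"type": "field", "inboundTag": ["transparent"], "port": 53, "network": "udp", "outboundTag": "dns-out"},
      {"type": "field", "domain": ["geosite:category-ads-all"], "outboundTag": "block"},
      {"type": "field", "inboundTag": ["lan"], "outboundTag": "direct"}
    ]
  }
}
"""

def strip_comments(text):
    """Drop // comments that are outside JSON strings (a bare regex would also eat the // in URLs)."""
    token = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
    return token.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def lint_routing(config_text):
    """Return a list of problems; an empty list means every tag reference in routing.rules resolves."""
    cfg = json.loads(strip_comments(config_text))
    outbound_tags = {o["tag"] for o in cfg.get("outbounds", []) if "tag" in o}
    inbound_tags = {i["tag"] for i in cfg.get("inbounds", []) if "tag" in i}
    problems = []
    for n, rule in enumerate(cfg.get("routing", {}).get("rules", [])):
        target = rule.get("outboundTag")
        # v2ray does not reject an unknown outboundTag: it logs a warning and hands the traffic
        # to the default (first) outbound, here the vmess proxy, so nothing would be blocked.
        if "balancerTag" not in rule and target not in outbound_tags:
            problems.append(f"rule {n}: outboundTag {target!r} matches no outbound, traffic falls back to the default outbound")
        for tag in rule.get("inboundTag", []):
            if tag not in inbound_tags:
                problems.append(f"rule {n}: inboundTag {tag!r} matches no inbound, rule never fires")
    return problems

if __name__ == "__main__":
    print("\n".join(lint_routing(SAMPLE_CONFIG)) or "routing config OK")
```

Point it at the real file with lint_routing(open("/etc/v2ray/config.json").read()) after editing.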
Finally, NAT it.
DNS Server
set service dns forwarding cache-size '0'
set service dns forwarding listen-address 10.0.0.100
set service dns forwarding allow-from 10.0.0.0/24
set service dns forwarding name-server '114.114.114.114'
set service dns forwarding name-server '223.6.6.6'
restart dns forwarding
NAT
set nat destination rule 10 description 'DNS NAT'
set nat destination rule 10 destination port 53
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp_udp'
set nat destination rule 10 translation address 10.0.0.100
set nat destination rule 20 description 'TCP NAT'
set nat destination rule 20 destination port 1-65535
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 20 protocol 'tcp_udp'
set nat destination rule 20 translation address 10.0.0.100
set nat destination rule 20 translation port 12345
(important: 12345 must match the port of the "transparent" dokodemo-door inbound in /etc/v2ray/config.json)
Route
set protocols static route 0.0.0.0/0 next-hop 10.0.0.1
set protocols static route 0.0.0.0/0 next-hop 10.0.0.100
Log in to WinBox and point the gateway and DNS at the VyOS address.
That's done.
Enjoy!