#network #mikrotik #antidpi #proxy #ntc_party

https://hub.docker.com/r/wiktorbgu/byedpi-hev-socks5-tunnel 57

Всё в одном контейнере
tag:test

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-11:

```sh
/ip firewall nat add action=redirect chain=dstnat dst-address-list=!local dst-port=53 in-interface-list=LAN protocol=udp
/ip firewall nat add action=redirect chain=dstnat dst-address-list=!local dst-port=53 in-interface-list=LAN protocol=tcp

:delay 10s

/container start [find interface=BYEDPI-SOCKS]
/container start [find interface=TUN2SOCKS]
```

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-10:

```sh
/ip/route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.254.2%Bridge-Docker pref-src="" routing-table=dpi_mark scope=30 suppress-hw-offload=no target-scope=10

/ip firewall mangle add action=mark-connection chain=prerouting connection-mark=no-mark dst-address-list=za_dpi_FWD in-interface-list=LAN new-connection-mark=to_dpi passthrough=yes
/ip firewall mangle add action=mark-routing chain=prerouting comment="To DPI" connection-mark=to_dpi in-interface-list=LAN new-routing-mark=dpi_mark passthrough=no routing-mark=!dpi_mark

/ip firewall filter set [find action=fasttrack-connection] packet-mark=no-mark connection-mark=no-mark

/ip/firewall/address-list/ add address=10.0.0.0/8 list=local
/ip/firewall/address-list/ add address=172.16.0.0/12 list=local
/ip/firewall/address-list/ add address=192.168.0.0/16 list=local
```

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-9:

```sh
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=linkedin.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=prntscr.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=prnt.sc type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=t.co type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=protonvpn.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=nnmclub.to type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=ntc.party type=FWD

/routing/table add disabled=no fib name=dpi_mark
```

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-8:

```sh
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=ggpht.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=rutracker.org type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=rutracker.cc type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=medium.com type=FWD

/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=facebook.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=fbcdn.net type=FWD

/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=x.com type=FWD

/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=twitter.com type=FWD

```

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-7:

```sh
/container/add remote-image=wiktorbgu/byedpi-hev-socks5-tunnel interface=BYEDPI-TUN cmd="--disorder 1 --auto=torst --tlsrec 1+s" root-dir=/usb1/docker/byedpi-hev-socks5-tunnel start-on-boot=yes

/ip/dns set address-list-extra-time=0s # set to default

/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=googlevideo.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=youtube.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=youtubei.googleapis.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=ytimg.com type=FWD

/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=youtu.be type=FWD
```

#network #mikrotik #antidpi #proxy #ntc_party

Новый вариант настройки и контейнера в ориге статьи уже есть: [Решаем проблему блокировок (и YouTube) за 5 минут на роутере Mikrotik через контейнеры и без VPN / Хабр 76] https://habr.com/ru/articles/838452/

ВНИМАНИЕ!!! Предыдущие варианты настроек должны быть удалены перед установкой нового контейнера.

Команды-настройки-6:

```sh

/tool fetch https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem
/certificate import file-name=DigiCertGlobalRootG2.crt.pem passphrase=""
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes

/interface/bridge add name=Bridge-Docker port-cost-mode=short
/ip/address add address=192.168.254.1/24 interface=Bridge-Docker network=192.168.254.0
/interface/veth add address=192.168.254.2/24 gateway=192.168.254.1 name=BYEDPI-TUN
/interface/bridge/port add bridge=Bridge-Docker interface=BYEDPI-TUN

/container/config set registry-url=https://registry-1.docker.io tmpdir=/usb1/docker/pull

```

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-5:

```sh
/ip firewall nat add action=redirect chain=dstnat dst-address-list=!local dst-port=53 in-interface-list=LAN protocol=udp
/ip firewall nat add action=redirect chain=dstnat dst-address-list=!local dst-port=53 in-interface-list=LAN protocol=tcp
```
После выполнения команд необходимо запустить 2 добавленных контейнера и перезагрузить роутер.

UPD1: Вариант размещения `antidpi` на роутере не совместим с `antizapret` через openvpn на нём же, так как происходит наложение маршрутов.
У меня лично завелось всё с параметрами `--fake -1 --ttl 10 --auto=ssl_err --fake -1 --ttl 5` в аргументах контейнера.

UPD2: Если нет возможности использовать DoH или 7.16rc4 (якобы всё ещё сырая прошивка), то нужно указать `dns` вместо `localhost` в `dns static`.

UPD3: Удалось совместить `antizapret` и `youtube` с другими сайтами путем указания им публичного `dns` снова `dns static`.

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-4:

```sh
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=medium.com type=FWD

/routing/table add disabled=no fib name=dpi_mark

/ip/route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.254.2%Bridge-Docker pref-src="" routing-table=dpi_mark scope=30 suppress-hw-offload=no target-scope=10

/ip firewall mangle add action=mark-routing chain=prerouting comment="List DNS FWD route to tun2socks => byedpi" connection-state="" dst-address-list=za_dpi_FWD in-interface-list=LAN new-routing-mark=dpi_mark passthrough=no

/ip/firewall/address-list/ add address=10.0.0.0/8 list=local
/ip/firewall/address-list/ add address=172.16.0.0/12 list=local
/ip/firewall/address-list/ add address=192.168.0.0/16 list=local
```

#network #mikrotik #antidpi #proxy #ntc_party

Команды-настройки-3:

```sh
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=googlevideo.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=youtube.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=youtubei.googleapis.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=ytimg.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=youtu.be type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=ggpht.com type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=rutracker.org type=FWD
/ip/dns/static/ add address-list=za_dpi_FWD forward-to=localhost match-subdomain=yes name=rutracker.cc type=FWD
```