T6928: Support for custom interface type or custom config node #4224
CI integration ❌ failed!
def get_utunnel_config(tunnel_type): | ||
config_file = os.path.join(utunnel_config_directory, '{}.yaml'.format(tunnel_type)) |
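Review bot: tunnel_type goes straight into the file name in the os.path.join call, and no validation is visible in this hunk. If that value can contain a path separator or `..`, or starts with `/`, config_file resolves outside utunnel_config_directory. Suggest checking tunnel_type against a strict pattern (letters, digits, `-` and `_` only) before building the path, and raising a config error when the file is missing. A docstring on get_utunnel_config stating where the YAML comes from and which keys it must contain would also help.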
Instead of hardcoding some /config/utunnels/.yml,
why not generate .yml files from config/XML and not use /config/utunnels
at all?
Copying the config on one server and pasting it on another is convenient, but we will lose this due to such hacks.
<interfaceDefinition> | ||
<node name="interfaces"> | ||
<children> | ||
<tagNode name="utunnel" owner="${vyos_conf_scripts_dir}/interfaces_custom_tunnel.py"> |
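Review bot: the owner script on the tagNode line is named interfaces_custom_tunnel.py while the node itself is utunnel. Existing conf scripts are named after the node path (interfaces_wireguard.py, interfaces_tunnel.py), so interfaces_utunnel.py would be easier to locate and less likely to be confused with interfaces_tunnel.py.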
Can you share an example of the CLI?
I didn't get what it looks like. Part of the config you do from the CLI, another part from some hardcoded path from .yml
I explain everything here. Here is my project vyos-clash: https://github.com/sskaje/vyos-clash You can see how I use my script on VyOS. In my script, it manages binary downloading and systemd file setup. Neither VyOS nor iproutes needs to create/delete tun devices because the clash binary does. This is similar to T5623, where the tun device is created by the binary. I don't think clash or a Socks5 proxy should be added to VyOS natively. Also, such VPN-like solutions may run into legal issues and things may change. For example, there were two clash implementations for Linux, Dreamacro/clash and metaCubeX/clash.meta; the first was removed by its author (along with many other implementations for other platforms) and only the second one is still there, renamed to https://github.com/MetaCubeX/mihomo That's why I started T6928 to ask if VyOS has 'Support for custom interface type or custom config node'. As for /config, I chose this because it's safe between upgrades. I don't need to use a deb post-install to perform changes.
Why not use |
A few users not in China. I don't see other Linux clash solutions, like ShellClash and OpenClash, use containers; using containers will make redir-host, TPROXY and TUN much more complicated. Another thing is I'm not sure if I can make PBR work easily with clash if it's in a container. I know someone gives a LAN IP to the clash container, like a VM (sth like macvlan?), but it's hard to change the router address for every IoT and other device like Google/Apple sound boxes, Switch, PS, etc.; adding their IPs to a PBR source IP set is much easier. (This is how I control my home devices' traffic for now: China local IoT devices to a direct connection policy group, Switch/PS/Android TV box to a VPN policy group, etc.) I also know I can set up a container like another upstream router node (I don't know how to name this node), and PBR my traffic to the container and make sure the container's traffic uses the correct route table. Another problem: docker has been blocked in China for years, and its China mirrors have been blocked since Jun 2024. Another use case of mine is, I set up clash on my router, create an interface group like
My home devices connect via eth0; when I am not at home, I connect to my home router via wg0. Traffic from this interface group that also has a source IP in another group gets redirected to clash so I can access github/google everywhere.
Container in VyOS with
Do you think it will solve your issue?
I'm still trying to find out if clash's REDIR-host and TPROXY can work with container mode, I'll update when I get any conclusions.
@sskaje We discussed it among maintainers and the agreement is that custom nodes in this way is a Pandora's box that we don't want to open. However! We are working on a mechanism to allow containerized addons to register commands with the host, we think this would be a good candidate for such an addon and we are interested in your input — how you see the addon mechanism working to allow what you want to do. Don't be discouraged — I'm sure together we can make it possible to extend VyOS in ways that don't require merging things into the mainline image.
Related Task(s)
https://vyos.dev/T6928
Related PR(s)
vyos/vyos-documentation#1574
How to test
https://github.com/sskaje/vyos-clash