On your local V2Ray server (e.g., IP 192.168.88.254):
On MikroTik:
/ip socks set enabled=yes version=5 server=192.168.88.254:1080
/ip firewall nat add chain=srcnat action=masquerade
/ip route add gateway=192.168.88.254
To force all HTTP/HTTPS through the proxy:
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=80,443 action=mark-routing new-routing-mark=via-socks
/ip route add gateway=192.168.88.254 routing-mark=via-socks
Warning: The native MikroTik Socks client is not as performant as a modern proxy. It lacks UDP support and can struggle with high concurrency. Use this only for low-bandwidth browsing. v2ray mikrotik
You run V2Ray on a local Raspberry Pi (or a VPS) in Socks5 mode. MikroTik connects to that Socks proxy and forwards all traffic or selective traffic.
To avoid routing everything (like Netflix or local banking), use MikroTik's DNS to identify blocked domains.
/ip firewall mangle add chain=prerouting dst-address=192.168.88.11 action=mark-routing new-routing-mark=to-v2ray
This way, only when a user requests twitter.com (resolved to your fake IP) does the traffic hit V2Ray. On your local V2Ray server (e
Running V2Ray in a container on a $60 router has limits. Here is how to maximize throughput:
Realistic speeds:
V2Ray must handle DNS. In config.json, add: To force all HTTP/HTTPS through the proxy: /ip
"dns":
"servers": ["1.1.1.1", "8.8.8.8"]
And set "policy": "levels" to force all lookups through V2Ray.
You can pull a lightweight V2Ray or Xray core image from Docker Hub.
/container/config
set registry-url=https://registry.hub.docker.com
/container
add remote-image=teddysun/v2ray:latest interface=veth1
If your MikroTik does not support containers, use a Raspberry Pi running Raspbian and V2Ray.
This is more reliable than containers for heavy loads because the Pi has better RAM management.