The following guide provides guidance on the installation of NetFoundry Ziti-Tunnel software on to a MikroTik router. The functionality has been validated on a default base virtual router with but should operate the same with a physical router with 7.1.4c development operating system.
NOTE: the is not a production feature in RouterOS and is currently in development.
Container is MikroTik's own implementation of Docker(TM), allowing users to run containerized environments within RouterOS. The container feature was added in RouterOS v7.1rc4. In addition to running RouterOS 7.1rc3 or better the container software must be downloaded to the router. It can be downloaded from the "Extra Packages" download location.
Turn on logging to echo for container package. Go to system > Logging + Topic Container and Action Echo
Additionally, to get started you will need to have a computer with Docker installed. MikroTik RouterOS does not have a "Pull" function so it is necessary to pull the NetFoundry Ziti-Tunnel image to a computer running Docker. You will be required to convert to Tar file before copying to Mikrotik Router.
docker pull netfoundry/ziti-tunnel:latest
docker save netfoundry/ziti-tunnel:latest > ziti-tunnel.tar
Copy ziti-tunnel.tar file to MikroTik router. (WinSCP, SCP or other to default root directory)
Create an identity for the router in the console and copy to Mikrotik router(default root directory).
Log in to Mikrotik RouterOS CLI. Create a Virtual Interface for the Container environment. We chose an available network that does not overlap with any internal networks.
Create a Bridge for the Containers and add veth1 to the bridge.
add bridge=docker interface=veth1
Create environment variables
container envs add list=netfoundry name=NF_REG_NAME value=regkey(without ".jwt")
Create mountpoints for non-volatile data.
container mounts add name netfoundry-volume src=/netfoundry dst=/netfoundry
Create container from Tar image.
container add file=ziti-tunnel.tar interface=veth1 envlist=netfoundry mounts=netfoundry-volume hostname=ziti-host logging=yes
0 file=ziti-tunnel.tar name="39f27176-5f07-44a9-93fb-1f2b55563cab" tag="netfoundry/ziti-tunnel:latest" os="linux"
arch="amd64" interface=veth1 envlist="netfoundry" mounts=netfoundry-volume dns="" hostname="ziti-host"
container start 0
The container will fail as the identity.jwt file is located in the root directory from Step 3. The system will attempt at starting the container at which point the /netfoundry folder will be created on the mikrotik router. Once created, return to scp or ftp and copy the identity.jwt file from your local machine again but into the netfoundry directory. NOTE: This is required as users are not allowed to create directory in the file system. Example below:
scp identities/K8s-Endpoint-Skip.jwt firstname.lastname@example.org:/netfoundry
container start 0