update

Dockerfile

 FROM node
 RUN apt-get update
-RUN apt-get install -y kmod
+RUN apt-get install -y kmod ipset gettext
 RUN mkdir -p /usr/src/app
 WORKDIR /usr/src/app
 

db.coffee

@@ -53,8 +53,8 @@ module.exports =
                     servers[21].next_hop = 20
                     servers[22].next_hop = 20
                     servers[23].next_hop = 20
-                    regions[0].gateway = 21
-                    regions[1].gateway = 23
+                    regions[0].gateway = 4
+                    regions[1].gateway = 9
                   when 1, 9
                     servers[20].next_hop = 8
                     servers[21].next_hop = 8

iptables-rules

@@ -38,6 +38,7 @@ COMMIT
 # Completed on Thu Feb  4 08:05:19 2016
 # Generated by iptables-save v1.4.21 on Thu Feb  4 08:05:19 2016
 *nat
+-A POSTROUTING -s 172.16.0.0/12 ! -o docker0 -j MASQUERADE
 -A PREROUTING -p tcp -m set --match-set block_ip src -j REDIRECT --to-ports 3101
 -A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -m multiport --dports 22,443,3000,1723,5001,5201 -j ACCEPT
 -A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -m set --match-set ports1 dst -j REDIRECT --to-ports 3128
@@ -50,6 +51,7 @@ COMMIT
 -A POSTROUTING -o ${RAILGUN_INTERFACE} -s 10.0.0.0/8 -j SNAT --to-source ${RAILGUN_PRIVATE_ADDRESS}
 COMMIT
 *mangle
+-A FORWARD -s 172.16.0.0/12 -j ACCEPT
 -A PREROUTING -s ${RAILGUN_ADDRESS}/16 ! -d 10.0.0.0/8 -p tcp -m multiport --dports 9300,9301,9400 -j MARK --set-xmark 0x1/0xffffffff
 -A PREROUTING -s ${RAILGUN_ADDRESS}/16 ! -d 10.0.0.0/8 -p tcp -m multiport --dports 9300,9301,9400 -j ACCEPT
 -A PREROUTING -s ${RAILGUN_ADDRESS}/16 -p tcp -m addrtype ! --dst-type LOCAL -j TPROXY --on-port 5000 --on-ip 0.0.0.0 --tproxy-mark 0x3

route.coffee

@@ -111,7 +111,7 @@ module.exports =
     for i, region of regions when region.gateway?
       for address in region.addresses
         if region.gateway == server_id
-          ip.push "route add #{address} via #{process.env.RAILGUN_GATEWAY} table 101"
+          ip.push "route add #{address} via #{process.env.RAILGUN_GATEWAY} dev #{process.env.RAILGUN_INTERFACE} table 101"
         else
           ip.push "route add #{address} advmss 1360 dev railgun#{servers[region.gateway].next_hop} src #{servers[server_id].host} realm #{region.gateway} table 101"
 

start.sh

@@ -6,6 +6,10 @@ echo 'modprobe fou...'
 
 modprobe fou
 
+echo 'ipsec...'
+
+bash /etc/railgun/ipsec.sh
+
 echo 'ipset...'
 
 ipset create -exist ports1 bitmap:port range 10000-32767
@@ -31,7 +35,7 @@ ip route replace 10.${RAILGUN_ID}.96.0/20 via ${RAILGUN_GATEWAY}
 
 echo 'network...'
 
-coffee main.coffee
+npm start
 ip route flush cache
 
 sleep 1000d