I'm probably missing something silly, here's what I've got so far:

1/ Working VPN, I can ping between the BGP loopbacks on both sides

    ping -S 192.168.1.1 10.250.250.250
    ping -S 10.250.250.250 192.168.1.1

2/ The BGP sessions come up

3/ "bgpctl sho ri" shows all routes. But none of them have any flags, not even the *=valid flag.

4/ Setting "nexthop qualify via default" gets the valid & select flags, but doing a traceroute sees the traffic going out of the default gateway instead of the VPN

5/ Playing with "fib-priority" in bgpd.conf doesn't seem to achieve much.

bgpd.conf looks like below:

    MY_ROUTER_ID_V4="192.168.1.1"
    MY_ASN="64550"

    AS $MY_ASN
    router-id $MY_ROUTER_ID_V4
    socket "/var/www/run/bgpd.rsock" restricted
    rde med compare always

    group my_remote_group {
        remote-as 64515
        announce none
        announce IPv6 none
        neighbor 10.250.250.250 {
            local-address $MY_ROUTER_ID_V4
            descr "REMOTE NUMBER 1"
        }
    }

    deny from any
    match from any set origin igp
    allow from any prefix {198.51.100.0/24 or-longer,203.0.113.0/24 or-longer}
    deny to any
    allow to any prefix {192.0.2.0/24 or-longer}