Can you ping .254? .255 should go direct and .254 should be encapsulated to the same machine.

No

Do you have an address I can test to? I have been doing a few tests and it would appear that there are some issues here.

44.137.0.1 should be fine, and 44.137.41.97 as well

Previously I was able to access services that were public the same as an external host, but now many of those are not working. As an example 44.137.0.1 works fine from an external IP address, but not a 44.131.14/24 one. I have found at least 1 host responding to my encapsulated packets with ICMP Administratively Denied, which makes me suspect that the problem is actually my anycast setup with my source address not matching the gateway address.

It is. Now I see what is wrong, the firewall log is full of:

Apr 6 19:47:01 Packet REJECT: IN=eth0 OUT= SRC=45.63.97.98 DST=213.222.29.194 LEN=104 TOS=0x00 PREC=0x00 TTL=52 ID=19182 DF PROTO=4

That source address apparently belongs to you but it is not the tunnel endpoint. We reject all protocol 4 traffic from hosts not in the RIP broadcast for tunnels.

Rob