Managed to fix this on my own. Had to add a masquerad rule When I removed: ip route add default dev tunl0 via 169.228.66.251 onlink table 44 I had to add this to allow eth1 (my wireless LAN) to get anywhere: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE Thanks again ---------- Forwarded message ---------- From: Steve L <kb9mwr(a)gmail.com> Date: Thu, Jun 18, 2015 at 7:36 PM Subject: Re; (no subject) To: "44net(a)hamradio.ucsd.edu" <44net(a)hamradio.ucsd.edu> Marius, I was to hasty in saying removing this line fixed everything. I forgot to test from a remote host on my wireless LAN, I got a message from one of my LAN users that this broke things. Although I am at a loss as to why. It broke all remote connectivity. Works from the gateway itself, but all remote traceroutes stop when they reach my gateway, Steve ---- Quote ---- The issue in your setup is 'ip route add default dev tunl0 via 169.228.66.251 onlink table 44' which should go away if ypu want to reach BGP announced networks. Marius