IPv4 transit not routed into Wireguard tunnel (IPv6 works)
Jeroen Massar
jeroen at massar.ch
Sun Apr 12 14:52:20 CEST 2026
If you want help with this you will need to provide outputs of various commands, amongst others "ip ro show" to know what the Linux kernel is thinking, but also the bird equivalent (birdc show route) and verify hop-by-hop where things are correct.
You will also want to include a minimal bird config, that should include device/direct/kernel protocols.
Also, check your wireguard config, it will only route 'known' IPs, thus AllowedIPs should include the IP addresses that are allowed (server side 0.0.0.0/0, ::/0; client side just the specific IPs that are there).
Also note that they are not packAGES, but packETS.
For debugging, go hop-by-hop. Check routes (and 'ip ro get <ip>' to determine what the next hop is according to Linux), use tcpdump on the interface towards the next hop etc.
I use IPv4 over IPv6 Link-Local Nexthop RFC5549/RFC8950:
https://massars.net/design/#birdipv6ll
and some links that are not connected by Ethernet are Wireguard and that works fine.
I do not use iBGP though, everything is eBGP and every node has its own ASN.
But those are choices one has to make depending on requirements and what one prefers etc.
Regards,
Jeroen
> On 10 Apr 2026, at 16:26, VS <vs at mydynip.net> wrote:
>
> Good afternoon,
>
> need to state I am no routing expert, so bear with me if this is a dumb fault on my side.
>
> I am running bird 2.17.1 on Trixie (myASN), announcing an IPv6/48 and an IPv4/24 to upstream ASN via myASN. MyASN is running on a VPS which has a Wireguard tunnel to me here. On this side is a Pfsense with FRR announcing my 1.2.3.0/25 on vtnet6 (128 IPs should be here) through the Wireguard Tunnel to myASN.
>
> On myASN the IPv6 traffic works fine. Coming in from Upstream and is routed into the tunnel and traffic coming through the tunnel is routed out to the internet.
>
> In the case of IPv4 with stopped bird, I can ping e.g. 1.2.3.10 through the tunnel, which is setup using 172.16.150.8/30 using .9 and .10 on the tunnel ends. I also can ping the internet using the default gateway and the eth0 IP.
>
> When I start bird the IPv4/24 is announced to upstream and traffic comes in via eth0. Also if the 1.2.3.10 host behind the Pfsense pings e.g. 8.8.8.8, the traffic comes up to myASN through the tunnel. But the package is lost, not routed out to the Internet, nor is incoming traffic routed into the tunnel.
>
> I already set multihop 3 on IBGP definition because 1.2.3.0/25 is not directly connected to myASN and traffic needs to use the route into the tunnel. birdc show routes and other commands show the routes are there and also ip route get shows the routes are in the kernel table master4 after bird starts. No firewall active so nothing blocks any traffic on this level.
>
> I am sure I am blind, but sitting since days searching for a solution. A link to a cool tutorial for a kinda transit traffic setup (I checked lots of them) or any hint for a possible problem in my setup would be greatly appreciated.
>
> Thank you very much!
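
Added example (not part of the original thread, and not code from BIRD or WireGuard): a Python model of the AllowedIPs check mentioned in the reply. WireGuard picks the peer for an outgoing packet by matching the destination against AllowedIPs, and drops a decrypted packet whose source is not in the sending peer's AllowedIPs. The peer names, function names and AllowedIPs values are constructed assumptions; the addresses are the placeholders used in the thread.

```python
import ipaddress

def parse_allowed_ips(value):
    """Turn an AllowedIPs string ("a/b, c/d") into a list of networks."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def lookup_peer(peers, addr):
    """Longest-prefix match of addr over all peers' AllowedIPs; None if no match."""
    ip = ipaddress.ip_address(addr)
    best_name, best_len = None, -1
    for name, nets in peers.items():
        for net in nets:
            if net.version == ip.version and ip in net and net.prefixlen > best_len:
                best_name, best_len = name, net.prefixlen
    return best_name

def tx_ok(peers, peer, dst):
    """Outbound: the packet is encrypted to `peer` only if dst maps to it."""
    return lookup_peer(peers, dst) == peer

def rx_ok(peers, peer, src):
    """Inbound: a decrypted packet from `peer` is kept only if src maps to it."""
    return lookup_peer(peers, src) == peer

def transit_failures(inner_cfg, outer_cfg, host, remote):
    """Check host -> remote and the reply across the tunnel; list failing steps.
    inner_cfg: peers on the tunnel end where `host` lives (peer name "outer").
    outer_cfg: peers on the tunnel end facing the Internet (peer name "inner")."""
    checks = [
        ("inner tx: dst %s" % remote, tx_ok(inner_cfg, "outer", remote)),
        ("outer rx: src %s" % host, rx_ok(outer_cfg, "inner", host)),
        ("outer tx: dst %s" % host, tx_ok(outer_cfg, "inner", host)),
        ("inner rx: src %s" % remote, rx_ok(inner_cfg, "outer", remote)),
    ]
    return [step for step, ok in checks if not ok]

# Constructed sample values; addresses are the placeholders used in the thread.
INNER = {"outer": parse_allowed_ips("0.0.0.0/0, ::/0")}
OUTER_TUNNEL_ONLY = {"inner": parse_allowed_ips("172.16.150.8/30")}
OUTER_WITH_PREFIX = {"inner": parse_allowed_ips("172.16.150.8/30, 1.2.3.0/25")}

if __name__ == "__main__":
    for label, outer in (("tunnel /30 only", OUTER_TUNNEL_ONLY),
                         ("with 1.2.3.0/25", OUTER_WITH_PREFIX)):
        failed = transit_failures(INNER, outer, "1.2.3.10", "8.8.8.8")
        print(label, "->", failed or "ok")
```

A route in the kernel table is not enough on its own: a step listed as failing here is dropped inside WireGuard regardless of what "ip ro get" reports.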