BGP routing DN42 help

I’ve currently got a VPS in Vultr running VyOS 1.4.x. This is peered with a transit provider and I can ping networks inside DN42 as expected, aka ‘core-bgp-router’.

A second VyOS instance, this time inside my own vSphere infrastructure. Set up the WireGuard tunnel to the core-bgp-router VPS and then set up iBGP (using my own AS on both sides). Let’s call this edge01.

edge01 gets a full copy of the BGP routing table as expected, but I can only ping hosts within my AS; any external pings (i.e. to 172.20.0.52, which is the DN42 DNS service) do not work.

I’ve been trying to work this out literally all weekend; any help would be appreciated. In the core config this VM’s WireGuard tunnel is wg11.

Local VyOS VM config:

vyos local vm - Pastebin.com

Vultr core VyOS config:

firewall { name WGv4_LOCAL { default-action accept rule 1 - Pastebin.com

After some searching here I found this post “unable-to-ping-on-bgp-route/5661/3”, and when I try to ping the DN42 DNS server using

ping 172.20.0.53 interface 172.23.5.70

that does work… I must be missing a route somewhere, but as far as I can tell everything can talk to each other.

I also set up an Ubuntu VM to test out other BGP packages, namely BIRD; this is wg10 on the core router. From this Ubuntu VM, 172.23.5.66, I can ping out through the core router properly, so that makes me think that the issue I’m having is with the config of the edge VyOS box and not the core.

Help!