So I'm answering to myself

Works because it is already being tracked. If I flush all connections it stops working

So:
1. Wireguard needs SRCNAT and is not doing NAT internally
2. I need to double-check before posting

That is good explanation - but next question arrives:
why it works even with all NAT rules disabled? It looks like wireguard is doing NAT internally.

btw: it works and is not using masq/snat rules. I can disable them. It is strange, I don't understand what is changing source address.
Does wireguard have it's own MASQ?

No they don't. This is the first rule.

BUT - the problem is fixed now. All I did is to restart the router. So - definitelly - there is some kind of problems in 7.1.1

anav, thanks for reply but I don't really understand Your post nor mentioned article. The situation here is simple: - R1 is a "client". R2 is "gateway". - R1 and R2 does have own internet connection, but part of R1-originated internet traffic has to go via R2, not by local link o...

Hi I've set up two routers R1 and R2 (ROS 7.1.1) and connected them with wireguard. Tunnel works fine, I can ping both endpoints. I'm trying to use it as a kind of VPN, forwarding part of the traffic from R1 via R2 to the internet. So - I've set up routes, firewall rules. Firewall counters on R2 sho...

I know it has been brought up many times with no reply from Mikrotik team. I know that it is not standard, according to TCP/IP specs, but I need to have an option for DSCP to be set to 6 for MT DHCP requests. If You are using Orange FTTH (in Poland at least) it is possible to use Mikrotik device con...

I had the same 'non working' wifi problem as described by others with rep package. End user device works good for some time and suddenly looses connectivity while showing wifi as connected. Simple disconnect/connect solves the problem for some time (5-10 minutes). If left with no intervention for so...

HI All, I've just started a test setup for CAPS manager. Network consists of: - one RB2011UAS-2HnD (will act as Caps manager) - one RB333 (will act as Caps client) both of them running 6.15 with wireless-fp enabled. They are connected via ethernet link, same subnet with no filtering. I've tried to s...