I have a Wireguard interface which belongs to a VRF, and I have a route to 0.0.0.0/0 in vrf_table through that wg_tunnel. I tried to repeat the issue in a more clear environment with hap ac^2 and issue confirmed. That's my config (everything other is just default):
And everything works as intended: wg_interface connects to a peer via ISP and provides access to /0 for vlan10, and other clients use dynamic route to 0.0.0.0/0 which is created from DHCP client (use ISP directly)./interface wireguard
add listen-port=13231 mtu=1420 name=wg_interface
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface bridge vlan
add bridge=bridge tagged=bridge,ether5 vlan-ids=10
/ip vrf
add interfaces=wg_interface,vlan10 name=vrf_table
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
wg_interface@vrf_table pref-src=0.0.0.0 routing-table=vrf_table scope=30 \
suppress-hw-offload=no target-scope=10 vrf-interface=wg_interface
/ip dhcp-client
add comment=defconf interface=ether1
After updating to 7.14 I see that in the routing table:
When I export config, BUT in winbox this route is shown as belonged to the main table and also works that way! I have no internet access anymore fot anyone, router can't check updates, wg_interface doesnt connect until I disable this rule. After reverting back to 7.13.5 everything goes back to normal./ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
wg_interface@vrf_table pref-src=0.0.0.0 routing-table=vrf_table scope=30 \
suppress-hw-offload=no target-scope=10 vrf-interface=wg_interface
Is that my config broken (this routing rule) or something wrong with the 7.14 update?
Probably, I shouldn't specify vrf-interface option, so what is that option for and why everything is fine with 7.13.5 and not with 7.14?
Thanks.