I come from Linux and used policy based routing (rules + dedicated tables). Now I read it's done differently here.
I have a fiber PPPoE uplink and there is a WireGuard connection to a datacenter location. I'd like to use both as possible gateways, depending on what downstream net someone is in.
The gateways for PPPoE are there automatically, and then I added two for the WireGuard tunnel, one for v4 and the other one for v6.
Then I set up manual NAT (see screenshot). TK_ROOT_V4 are all the local nets that should use PPPoE; DMZPI is the one I want not to be NATted.
Lastly, there are the outbound rules for DMZPI (screenshot).
The problem now is that when I route IPv4, it all goes well through the WireGuard for DMZPI clients, but for IPv6 I see that the packets for the internet host are leaving on the PPPoE interface instead of the WireGuard interface.
I double-checked my config, maybe triple. Help me Obi Wan Kenobi, you're my only hope :-)
That's what you've told it to do, in your "DMZPI" rules - the one for IPv4 is using your WG gateway, but the one for v6 is using WAN_DHCP6, not your v6 WG gateway.
You're totally right, that was my mess-up. I fixed it, but the problem remains the same. I see the ICMPv6 packets STILL going out the WAN (PPPoE) interface.
You may need to flush state tables after making that change....
Yes that was it, thank you!