Hi!
I have a Windows 10 PC and a Mikrotik router with different subnets, VLANs and a wireguard connection.
To make is simple, I have a VLAN 10 as a general home network with IP 192.168.10.0/24 and a VLAN 100 as a managment network with IP 192.168.100.0/24. There is a wireguard tunnel between VLAN 100 and my work management network. My PC has two NICs, one is in VLAN 10, the second one is in VLAN 100. The NIC in VLAN 10 has lower metric than in VLAN 100, so it's preferred for general access (e.g. Internet).

What I need:
Connection from VLAN 100 should be allowed to pass to wireguard tunnel through NIC which is part of VLAN 100 only.

What's the current status:
With ONLY VLAN 100 NIC active everything works fine.
With BOTH VLAN 10 and VLAN 100 NICs active, I get "Destination net unreachable", it automatically picks the VLAN 10 NIC for the connection. My PC won't even try for the second NIC to see, if that network is reachable.

What I tried so far:
I made a firewall filter rule to actively reject VLAN 10 -> work network connections which resulted in "Destination net unreachable" instead of "Request timed out."
I applied a DHCP rule 121 for VLAN 100 NIC and specified the gateway for work network. I can see the entry on Windows PC, but the metric is higher than VLAN 10 NIC metric.

Is there any other solution than making a static route through VLAN 100 NIC with low metric on the PC itself?

Thank you for your time.