Hi, I'm looking for working NAT rules for HaP ax2 ROSv7.20.
Thanks for any suggestions.
Separate your diagrams into digestible components.
A. Network diagram detailing VLANs, internet connection, etc.
(For example, it would appear you're talking about two different routers talking to one another over the internet??)
B. To discuss traffic flow
If you want the PC to reach the server via WireGuard, then I recommend srcnat out the WireGuard interface on the MikroTik:
/ip firewall nat
add chain=srcnat action=masquerade out-interface=wireguard1
This will solve most routing and allowed-addresses type issues at the VPS end,
and this also assumes that on the MikroTik the allowed IPs are set to either 0.0.0.0/0 or at least
10.0.0.0/24,vps-ServerIP
++++++++++++++++++++++++++++++++++++
If what you are asking is how to force that PC out the WireGuard tunnel:
/routing table add fib name=useWG
/routing rule add src-address=192.168.88.99 dst-address=vps-serverIP \
action=lookup-only-in-table table=useWG
/ip route
add dst-address=vps-serverIP gateway=wireguard1 routing-table=useWG
If the intent were for the PC to reach the server and to go out to the internet at the other end, it would look like:
/routing table add fib name=useWG
/routing rule add min-prefix=0 action=lookup-only-in-table table=main
/routing rule add src-address=192.168.88.99 action=lookup-only-in-table table=useWG
/ip route
add dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=useWG
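The effect of the second rule set above can be checked with a small model of the rule lookup (an added example, not part of the original post and not RouterOS code). It assumes `min-prefix` behaves like Linux `suppress_prefixlength`, as MikroTik documents it; the routes in `main`, the interface names `bridge` and `ether1-isp`, and the destination addresses are constructed.

```python
import ipaddress

# Constructed routing tables (assumed, not from the thread): main holds the
# connected LAN plus the ISP default route; useWG holds only the tunnel default.
TABLES = {
    "main": [("192.168.88.0/24", "bridge"), ("0.0.0.0/0", "ether1-isp")],
    "useWG": [("0.0.0.0/0", "wireguard1")],
}

# The two routing rules from the post, in order. min_prefix models RouterOS
# min-prefix: routes with a prefix length this short or shorter are ignored.
RULES = [
    {"src": None, "min_prefix": 0, "table": "main"},
    {"src": "192.168.88.99", "min_prefix": None, "table": "useWG"},
]


def best_route(table, dst, min_prefix):
    """Longest-prefix match in one table, skipping suppressed prefix lengths."""
    best = None
    for prefix, gateway in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst not in net:
            continue
        if min_prefix is not None and net.prefixlen <= min_prefix:
            continue  # e.g. the default route when min-prefix=0
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, gateway)
    return best[1] if best else None


def egress(src, dst, rules=RULES):
    """Return the gateway chosen for a packet, walking the rules top down."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["src"] and src_ip != ipaddress.ip_address(rule["src"]):
            continue
        gateway = best_route(rule["table"], dst_ip, rule["min_prefix"])
        if gateway:
            return gateway
        if rule["min_prefix"] is None:
            return "unreachable"  # lookup-only-in-table: no fallback to main
    # No rule produced a route: ordinary lookup in main.
    return best_route("main", dst_ip, None) or "unreachable"
```

Calling `egress("192.168.88.99", "192.168.88.10", RULES[1:])` shows what the first rule is for: without it, the PC's traffic to its own LAN is also sent into `wireguard1`.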
NO … I ask HOW to reach [PC] from [MIKROTIK]
using the Internet connection http://[server ip]:80
because the connection from [PC] to the [INTERNET] works well
I put arrows in the pictures: DIRECTION OF CONNECTION
Why would the MikroTik need to reach a PC on one of its subnets???
It's local and knows where it is.
If the information was clear, I would not be lost LOL.
Try a different network diagramming method...
https://www.edraw.ai/feature/online-network-diagram-maker.html
You know it, I know it too... BUT MIKROTIK doesn't know it.
I got a suggestion that I must try another MT ROUTER to test my configuration... maybe THIS router has some problem.
OK
I tried to connect the MikroTik directly to the ONT - WORKING FINE, but in this case I have to use VLAN 35 (from my internet provider) for communication, and I think I'll give up on it... until I come up with something new.
But let me ask something else.
Maybe someone has had experience connecting a MikroTik Hap ax2 to a HUAWEI DN8245X6-10 router in BRIDGE mode and can share their experience and settings regarding this topic. In this scenario, I have a problem with the PPPoE connection itself. Here: Problem with PPPoE MT HaP ax2 + HUAWEI DN8245X6-10 - BRIDGE
It doesn't matter if I use for authorization just the customer login data, or if I clone the MAC address, or if I substitute the gateway IP.
The end result is always the same:
connection initialization - connecting - disconnected.