Route LAN WG client to internal VPN server.

I need to mock the location for the Android (192.168.90.2) YouTube application. For now it looks like an X-Y problem :(

I am trying to use the WireGuard app (client IP 192.168.100.100) with split tunneling (only YouTube in) to my Mikrotik-main (192.168.X.1).

Then I mark routing (192.168.100.100) to the VPN VM. This VM has 2 interfaces: LAN (192.168.120.13) and WAN (192.168.130.13). When the VM's VPN client application starts, it creates tun0 (10.10.10.2) to the external VPN machine. The VM's LAN is for LAN communication, and its WAN goes only to the ISP over Mikrotik-main.


When the setup starts, I watch 192.168.90.2 start a WG tunnel to 192.168.100.1 and receive IP 192.168.100.100 as a client; mikrotik-main marks this routing to 192.168.120.13, which uses 192.168.130.13 to start tun0 and sends all 192.168.100.100 traffic to it. I watch answers from tun0 flow back to mikrotik-main, but they never reach 192.168.100.100.
Do I need to add some rule to forward this 192.168.120.13 traffic to 192.168.100.100?

/ip firewall address-list
add address=192.168.100.100-192.168.100.200 comment=\
    "Pool 10 WG Home Devs" list=\
    Pool_10_WireGuardClients_VPN_route_01

/ip firewall mangle
add action=mark-routing chain=prerouting disabled=no dst-address-list=\
    !RFC1918 new-routing-mark=SERVER-PVE-VM-VPN-04 passthrough=no \
    src-address-list=Pool_10_WireGuardClients_VPN_route_01

/routing rule
add action=lookup-only-in-table disabled=no dst-address=0.0.0.0/0 min-prefix=\
    0 routing-mark=SERVER-PVE-VM-VPN-04 src-address=0.0.0.0/0 table=\
    SERVER-PVE-VM-VPN-04

/routing table
add disabled=no fib name=SERVER-PVE-VM-VPN-04

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=I.S.P.IPv4 \
    pref-src="" routing-table=main scope=30 suppress-hw-offload=yes \
    target-scope=10
add disabled=no distance=3 dst-address=0.0.0.0/0 gateway=192.168.120.13 \
    pref-src="" routing-table=SERVER-PVE-VM-VPN-04 scope=30 \
    suppress-hw-offload=yes target-scope=10
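
A small model of the routing decision the posted rules make for each direction of the flow, added here as an illustration (not part of the original post and not RouterOS code). Assumptions: the RFC1918 list holds the three standard private ranges, the router has connected /24 routes for the WireGuard and LAN subnets (labels `connected:wireguard` and `connected:lan` are hypothetical), replies arrive addressed to 192.168.100.100, and 203.0.113.10 is a constructed remote address.

```python
import ipaddress as ipa

# Address-list range and routing mark taken from the posted configuration.
POOL = (ipa.ip_address("192.168.100.100"), ipa.ip_address("192.168.100.200"))
MARK = "SERVER-PVE-VM-VPN-04"
# Assumption: the RFC1918 list (not shown in the post) holds the private ranges.
RFC1918 = [ipa.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# (prefix, gateway) per table. The default routes come from the post; the two
# connected /24 routes and their labels are assumptions for illustration.
TABLES = {
    "main": [
        ("0.0.0.0/0", "I.S.P.IPv4"),
        ("192.168.100.0/24", "connected:wireguard"),
        ("192.168.120.0/24", "connected:lan"),
    ],
    MARK: [("0.0.0.0/0", "192.168.120.13")],
}

def routing_mark(src, dst):
    """Mangle prerouting rule: src in the pool AND dst NOT in RFC1918 -> mark."""
    s, d = ipa.ip_address(src), ipa.ip_address(dst)
    in_pool = POOL[0] <= s <= POOL[1]
    private_dst = any(d in net for net in RFC1918)
    return MARK if in_pool and not private_dst else None

def lookup(src, dst):
    """Return (table, gateway). Marked packets are resolved only in their own
    table (lookup-only-in-table); unmarked packets use main. Longest prefix wins."""
    table = routing_mark(src, dst) or "main"
    d = ipa.ip_address(dst)
    matches = [(ipa.ip_network(p), gw) for p, gw in TABLES[table]
               if d in ipa.ip_network(p)]
    if not matches:
        return table, None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return table, gw

if __name__ == "__main__":
    remote = "203.0.113.10"  # constructed public address
    flows = [("192.168.100.100", remote),             # client -> internet
             (remote, "192.168.100.100"),             # reply -> client
             ("192.168.100.100", "192.168.120.13")]   # client -> VM LAN address
    for src, dst in flows:
        print(f"{src:>16} -> {dst:<16} {lookup(src, dst)}")
```

In this model only the outbound leg is marked; the reply leg is looked up in `main`, so its delivery depends on the connected route for the WireGuard subnet and on configuration the post does not show.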