Hi all,
Probably a noob question but I’m not very pro in networking… so hope for your help!
It’s not specifically tied to Router OS, but it’s much faster to test using it (it’s like LEGO).
So, there are two routers with their relevant networks (let’s say A and B), connected to some cloud machine (let’s say C) as a site-to-site VPN (WireGuard is used, but that’s not really relevant here). Routers have standard 192.168.88.0/24 networks and VPN interfaces are 172.16.1.0/24. There’s no custom routing and everyone can access everyone (WireGuard’s AllowedIPs has both networks listed). Both A and B are connected to the Internet via different ISPs.
What I want: to create such a (virtual) gateway address on C, which I could use as a default gateway for both A and B. So A’s and B’s Internet connection will go via this host. Then, on C, there’s a different ISP and basically there’s MASQUERADE for everything leaving C. Essentially, when you connect A to the Internet, it can only access C and B resources (via WireGuard), but not the Internet UNLESS this default gateway (let’s say 172.16.1.64) is specified.
What I’ve tried: VLAN, VETH, custom routing table on C, pure iptables with little to no success. At some point I either use connectivity to C or Internet, and my traceroute starts looking very mysterious. I guess the biggest question is routing, since I don’t want it to be pure iptables src-nat like (very CPU expensive).
A and B are RouterOS devices and their configuration is minimal; C is going to be a Linux VPS, but right now it is also a RouterOS device (to test the concept).
Any ideas are appreciated!
Best
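The C-side setup the post describes, written out as an added example (this is not the poster's configuration and not RouterOS output; it targets the Linux VPS that C is going to become). It assumes names that are not in the post: the WireGuard interface on C is wg0, C's ISP uplink is eth0, and the "virtual gateway" 172.16.1.64 is simply an extra /32 address on wg0. WireGuard delivers any packet whose destination falls inside a peer's AllowedIPs, so no VLAN, veth pair or extra routing table is needed on C for the address to be reachable: forwarding plus a source NAT limited to the uplink is the whole job. The script prints the commands unless APPLY=1 is set, so it can be reviewed before it touches a live host.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed names: wg0 (WireGuard
# interface on C), eth0 (C's ISP uplink), 172.16.1.64 (gateway address).
# Dry run by default: commands are echoed. APPLY=1 executes them (needs root).

WG_IF=${WG_IF:-wg0}
WAN_IF=${WAN_IF:-eth0}
GW_ADDR=${GW_ADDR:-172.16.1.64}

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# 1. The gateway address is just another address of C inside the VPN prefix.
#    Peers reach it because 172.16.1.0/24 is already in their AllowedIPs.
add_gateway_addr() {
    run ip address add "$GW_ADDR/32" dev "$WG_IF"
}

# 2. Without forwarding, C silently drops transit packets from A and B and
#    traceroute stops at C, which matches the "mysterious" symptom.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}

# 3. Source NAT only on the uplink. Site-to-site traffic stays on wg0 and is
#    never rewritten, so conntrack only works on Internet-bound flows.
#    The forward chain drops by default: Internet hosts can only reach the
#    sites through connections the sites opened themselves.
nat_rules() {
    run nft add table ip vpn_gw
    run nft add chain ip vpn_gw postrouting '{ type nat hook postrouting priority srcnat; policy accept; }'
    run nft add rule ip vpn_gw postrouting oifname "$WAN_IF" masquerade
    run nft add chain ip vpn_gw forward '{ type filter hook forward priority filter; policy drop; }'
    run nft add rule ip vpn_gw forward ct state established,related accept
    run nft add rule ip vpn_gw forward iifname "$WG_IF" oifname "$WAN_IF" accept
    run nft add rule ip vpn_gw forward iifname "$WG_IF" oifname "$WG_IF" accept
}

apply_all() {
    add_gateway_addr
    enable_forwarding
    nat_rules
}

apply_all
```

Two things on the router side decide whether this works at all, and both are outside C's control. First, on A and B the peer entry for C must have 0.0.0.0/0 in its AllowedIPs in addition to the VPN and LAN prefixes: a packet to an Internet address sent out over the WireGuard interface is dropped on the spot if no peer's AllowedIPs covers its destination, which produces exactly the "works for C and B but not the Internet" behaviour. RouterOS does not turn allowed-address into a route, so the default route via 172.16.1.64 still has to be added explicitly (and only on the sites that should use C, with a distance that beats the ISP route). Second, C can only return traffic to a site whose LAN prefix is unique in its routing table and in the corresponding peer's AllowedIPs on C; the example therefore assumes each site LAN is a distinct prefix.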