I have a Mikrotik ATL LTE18 (ROSv7.12) connected to a Surfshark Wireguard tunnel; I’m using policy routing to route international traffic through the tunnel, traffic to my country’s IPs will bypass the tunnel, this works as expected but I have an issue with the default fasttrack rule in FILTER - FORWARD:
;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related log=no log-prefix=""
I figured that this rule was messing with the wireguard tunnel (the connection was extremely slow) so I disabled it.
The thing is that I don’t want this rule to be disabled since there is traffic going out lte1 that I want to apply this rule to; so trying to exclude the wireguard traffic from hitting this rule, I did this:
;;; defconf: fasttrack
chain=forward action=fasttrack-connection hw-offload=yes connection-state=established,related routing-mark=!wgtunnel log=no log-prefix=""
But this doesn’t work (apparently), I can see traffic in:wireguard1 out:ether1 hitting the rule. What am I missing here?