Hello. I have RB4011 and just upgraded from 7.13.5 to 7.14 and got very confusing issue.
I have a Wireguard interface which belongs to a VRF, and I have a route to 0.0.0.0/0 in vrf_table through that wg_tunnel. I tried to repeat the issue in a more clear environment with hap ac^2 and issue confirmed. That's my config (everything other is just default):

/interface wireguard
add listen-port=13231 mtu=1420 name=wg_interface
/interface vlan
add interface=bridge name=vlan10 vlan-id=10
/interface bridge vlan
add bridge=bridge tagged=bridge,ether5 vlan-ids=10
/ip vrf
add interfaces=wg_interface,vlan10 name=vrf_table
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
wg_interface@vrf_table pref-src=0.0.0.0 routing-table=vrf_table scope=30 \
suppress-hw-offload=no target-scope=10 vrf-interface=wg_interface
/ip dhcp-client
add comment=defconf interface=ether1

And everything works as intended: wg_interface connects to a peer via ISP and provides access to /0 for vlan10, and other clients use dynamic route to 0.0.0.0/0 which is created from DHCP client (use ISP directly).

After updating to 7.14 I see that in the routing table:

/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=\
wg_interface@vrf_table pref-src=0.0.0.0 routing-table=vrf_table scope=30 \
suppress-hw-offload=no target-scope=10 vrf-interface=wg_interface

When I export config, BUT in winbox this route is shown as belonged to the main table and also works that way! I have no internet access anymore fot anyone, router can't check updates, wg_interface doesnt connect until I disable this rule. After reverting back to 7.13.5 everything goes back to normal.

Is that my config broken (this routing rule) or something wrong with the 7.14 update?
Probably, I shouldn't specify vrf-interface option, so what is that option for and why everything is fine with 7.13.5 and not with 7.14?
Thanks.

Actually I think v7.14 creates several issues with interfaces and VRF.
I have issues in my config with IPIP interfaces not working properly after v7.14.
Basically the IPIP interface does not get installed in the VRF table, but it stays in the main routing table.
Also at startup I get an error that using VRF while setting the IPIP interface (in the remote address side) to check whether VRF is enabled, which it is.
And finally also IP service being set on VRF does not respond to requests anymore.
So I switched back to 7.13.5 for now and everything returned working fine as before.
I have reported this both to support and to 7.14 forum post (viewtopic.php?t=205097&sid=60a2235908db ... e#p1059546); I can see others have the same issues with VRF and some type of interface.
In my case VLAN and L2TP worked fine with VRF and 7.14, but not IPIP tunnel.

clear we can see those two interfaces are in to the main table as they have +.
So your VRF is not working that for sure.

I have re-installed again v7.14 so that now I was able to generate a supout to provide Mikrotik.
In my case once the router restarts I get these type of error messages related to the IPIP interfaces:
failed to set vrf for interface ipip-if, please check if selected vrf instance is enabled

Hopefully Mikrotik will be able to reproduce it to find a fix for it.

I'm with you 100% experiencing the exact issue. I've had to downgrade all of my gear that I had initially upgraded until something is figured out. In my case the IP address route that is connected to the WG interface is dynamically assigned to the main routing table even when that interface belongs to my separate VRF and not to the main.

Thanks, confirmed.

Also seems like when I remove vtf-interface parameter, everything gets fine on 7.14.
What is that option for, where can I find explaination? Didn't see those in help.mikrotik.com, what changes when I leave that parameter empty? Considering that I specify gateway with vrf_table.

vrf-interface parameter is just another way to say in which vrf route will be added. VRF is then chosen based on which VRF interface belongs, but since after reboot IPIP tunnel is assigned to "main", route is also moved to main.

I reported this for 7.14beta9 (SUP-142491), not happy to still get this on stable. At least now it's probably getting fixed soon.

i'm confused with that feature. e.g. once u establish pppoe- client automatically is ading in to vrf interface even though it is in to the main table.

Didnt check with dhcp-client , but im predy sure that is behavior the same

7.14 completely breaks my VRF setup which has been working fine since 7.x. Wireguard connected route now goes to main instead of its associated VRF. And (maybe due to the first issue) one of my VRF default routes is automatically moved to main during the upgrade, breaking my Internet access.

had same issue, here's the workaround i found.

after updating to 7.14, noticed that the addesses in EoIP interfaces members of the VRF were falling on main VRF instead of created VRF, thus causing the issue, as reported by others.
upgrading to 7.15 beta did not solve it.

the solution was deleting EoIP and creating again and putting it back in VRF.

I received a notification from Mikrotik about the case I submitted that they fixed it and will be released soon.