I think wireguard is adding a static route for the destination, something like:
XXX.XXX.XXX.XXX via 192.168.10.1 dev wlan0 proto static metric 20
which forces the tunneled traffic to go through that gateway. If the interface doesn't go down, it will remain there. So you'd need a rule in pbr to force OUTPUT traffic from the device towards that VPN server to use the wan, but to be able to switchover to wwan when wan is down.
1 Like