Let me share my experience. I have two routers deployed. I am downstream of the WireGuard router, which is a MikroTik RouterBOARD 951Ui-2nD running LuCI openwrt-19.07.
The 'Tik OpenWrt is checked to route all traffic via wg. Connected to it is a lowly Grandstream ATA. For several weeks I attempted to get the device (ATA) configured to connect outside the tunnel with no success. DMZ/Port Fwd, nothing allowed the ATA to grab 5060-5061 5079-5080 UDP to get the provisioning. WireGuard is doing its job. Somewhat throwing in the towel, I put the ATA on a third router upstream of the 'Tik. Since it was no longer encumbered by the tunnel enforced by WireGuard ~ it provisioned.
However, I didn't like having another router in the house with the sole purpose of providing me VoIP. I left it like that while I scoured the internet for something that would bring me back to two routers, and that was PBR/VPR
[vpn-policy-routing 0.2.1-13].
With this regard, I'm not attempting to dissuade you from looking for the simplest solution without using PBR. I'm sharing. A third router for you, outside the wg tunnel, might be an option to consider if you have not already.
If you have requisite skill in RouterOS we have a community member that could use your help @sevo, and perhaps you two can assist each other achieving goals.
Warm Regards
Bill
The Edit:
Thank you @midler for a thought provoking question:
Thank you @pavelgl for providing me a solution via PM to the ATA
vpn policy base routing is stopped/disabled
The Fix for ATA ~ VoIP ~

config interface 'wan'
    option ifname 'eth0'
    option proto 'dhcp'
    option peerdns '0'
    list dns '127.0.0.1'
    option metric '10' # Added Metric option

config rule # config rule where option src 'ATA Device'
    option in 'lan'
    option src '192.168.33.xxx/32'
    option lookup '100'

config route # option gateway 'ISP gateway'
    option target '0.0.0.0/0'
    option interface 'wan'
    option table '100'
    option gateway 'xxx.254.44.1'

/etc/config$ ip route show default
default dev SSWG proto static scope link
default via xxx.254.44.1 dev eth0 proto static src xxx.254.44.175 metric 10

/etc/config$ ip rule
0: from all lookup local
1: from 192.168.33.xxx iif br-lan lookup 100
32766: from all lookup main
32767: from all lookup default

/etc/config$ ip route show table 100
default via xxx.254.44.1 dev eth0 proto static metric 10

@midler
If your problem is solved, please consider marking this topic as [Solved]. This will help community members as well as visitors quickly find results. In this case possibly TWO! Happy Routing my friends. See How to mark a topic as [Solved] for a short how-to.
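
An added example, not part of the original post: a shell check that lists which sources a rule/table pair like the one above lets out past the WireGuard interface, so the exception can be confirmed to cover the ATA only. The interface name SSWG comes from the output in the post; the function names and the addresses 192.168.33.50 and 198.51.100.1 are constructed stand-ins for the masked values, and only default routes are inspected.

```shell
#!/bin/sh
# Added example (not from the post): list sources whose policy-routing table
# sends their default route outside the WireGuard interface.

# Constructed stand-in for `ip rule` output (the post masks the real address).
sample_rules() {
cat <<'EOF'
0: from all lookup local
1: from 192.168.33.50 iif br-lan lookup 100
32766: from all lookup main
32767: from all lookup default
EOF
}

# Constructed stand-in for `ip route show table <id>` output.
sample_table() {
  case "$1" in
    100)  echo "default via 198.51.100.1 dev eth0 proto static metric 10" ;;
    main) echo "default dev SSWG proto static scope link"
          echo "default via 198.51.100.1 dev eth0 proto static metric 10" ;;
  esac
}

# Print the device of the lowest-metric default route read from stdin
# (a route printed without "metric" has metric 0).
best_default_dev() {
  awk '$1 == "default" {
         dev = ""; metric = 0
         for (i = 2; i < NF; i++) {
           if ($i == "dev") dev = $(i + 1)
           if ($i == "metric") metric = $(i + 1) + 0
         }
         if (best == "" || metric < bestm) { best = dev; bestm = metric }
       }
       END { if (best != "") print best }'
}

# audit_bypass RULES_CMD TABLE_CMD TUNNEL_IF
# Prints "<source> <table> <device>" for each rule whose table leaves the tunnel.
audit_bypass() {
  rules_cmd=$1; table_cmd=$2; tun=$3
  $rules_cmd | while read -r prio from src rest; do
    [ "$from" = "from" ] || continue
    table=$(echo "$rest" | awk '{for (i = 1; i < NF; i++) if ($i == "lookup") print $(i + 1)}')
    [ -n "$table" ] && [ "$table" != "local" ] || continue
    dev=$($table_cmd "$table" | best_default_dev)
    if [ -n "$dev" ] && [ "$dev" != "$tun" ]; then echo "$src $table $dev"; fi
  done
}

audit_bypass sample_rules sample_table SSWG   # on the router: audit_bypass "ip rule" "ip route show table" SSWG
```

Any line in the result other than the ATA's address means another source is also leaving outside the tunnel.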