UDP stopped working after switching to fw4/nft

OpenWrt has switched to fw4/nft by default. After rebuilding the image with fw4/nft I noticed that I cannot connect to either my WireGuard or OpenVPN servers installed on the router. Both VPN servers are configured to listen on UDP (there is no other option for WireGuard, though). If I reconfigure OpenVPN to listen on a TCP port, then it works fine. I think it's a bug because TCP traffic rules work as they should. Also, there are no incoming packets in the input_wan chain:

                tcp dport 51820 counter packets 0 bytes 0 accept comment "!fw4: wireguard"
                udp dport 51820 counter packets 0 bytes 0 accept comment "!fw4: wireguard"
                tcp dport 1194 counter packets 0 bytes 0 accept comment "!fw4: openvpn"
                udp dport 1194 counter packets 0 bytes 0 accept comment "!fw4: openvpn"

So basically my old config with fw/iptables works fine but fw4/nft doesn't.

I think you can scratch fw4, as it apparently creates the proper rules. So it likely is an nft issue.

Is any kind of offloading in use?

Tried w/ and w/o sw/hw offloading

On which target/device does this problem occur?

Ubiquiti EdgeRouter X, mt7621

Hmm, using an Ubnt ER-X-SFP as my home gateway here and I can't easily reproduce UDP specific issues, the UDP test rule coupled with some netcat -u probing works as expected... packets arrive, rule has non-zero counter.

Given that your rules all have zero counters I suppose that they're simply not reached and the TCP connect maybe works because it's accidentally allowed by something else by chance. Would you mind to PM me your complete /etc/config/firewall as well as the nft list ruleset output?

Interesting, I removed all port forward rules and now UDP works. Looks like the same issue as per "Firewall4 issues with multi-protocol port forwards".
Multiprotocol rules break things)
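
The counter check used in this thread (probe the port, then see which rules' counters actually moved) can be automated by comparing two `nft list ruleset` dumps. The following is an added example, not code from any post here; the two snapshots are constructed sample input and the function names are hypothetical.

```python
import re

# A rule line as printed by `nft list ruleset`, e.g.
#   udp dport 1194 counter packets 0 bytes 0 accept comment "!fw4: openvpn"
RULE_RE = re.compile(
    r'^(?P<match>.*?)\s*counter packets (?P<pkts>\d+) bytes \d+'
    r'\s+(?P<verdict>.*?)(?:\s+comment "(?P<comment>[^"]*)")?$')
CHAIN_RE = re.compile(r'^chain (\S+) \{$')

def rule_counters(ruleset_text):
    """Map (chain, match expression, comment) -> packet count."""
    counters, chain = {}, None
    for raw in ruleset_text.splitlines():
        line = raw.strip()
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)      # remember which chain the rules belong to
            continue
        m = RULE_RE.match(line)
        if m and chain:
            key = (chain, m.group("match"), m.group("comment") or "")
            counters[key] = int(m.group("pkts"))
    return counters

def unreached_rules(before, after):
    """Rules whose packet counter did not move between the two snapshots."""
    old, new = rule_counters(before), rule_counters(after)
    return sorted(k for k, n in new.items() if n == old.get(k, 0))

# Constructed snapshots: one taken before probing both protocols, one after.
BEFORE = '''
table inet fw4 {
    chain input_wan {
        tcp dport 1194 counter packets 0 bytes 0 accept comment "!fw4: openvpn"
        udp dport 1194 counter packets 0 bytes 0 accept comment "!fw4: openvpn"
    }
}
'''
AFTER = BEFORE.replace("tcp dport 1194 counter packets 0 bytes 0",
                       "tcp dport 1194 counter packets 3 bytes 180")

if __name__ == "__main__":
    for chain, match, comment in unreached_rules(BEFORE, AFTER):
        print(f"not reached: {chain}: {match} ({comment})")
```

A rule that stays at zero while probes are being sent is not being reached, which points at something earlier in the ruleset (here, the port forwards) rather than at the accept rule itself.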