Need help with WireGuard

Dumb question: While OpenVPN sets a default route (not exactly, but two additional routes covering half of the whole address space each), as long as no killswitch is enabled, shouldn’t traffic to WireGuard interface IPs (same as to other LAN IPs) be routed through the wg0 interface automatically? I mean there is a 10.0.0.0/24 route, overriding the ones from OpenVPN, isn’t there?

EDIT: Ah, but the packets sent by WireGuard itself are probably routed through the (Open)VPN interface… And the fwmark-based rule it applies probably has lower priority than the OpenVPN routes? Wouldn’t it be possible to change the priority of the WireGuard rule to be higher than the ones (routes) from OpenVPN?

EDIT2: Basically this rule(s):

32764:  from all lookup main suppress_prefixlength 0
32765:  from all not fwmark 0xca6c lookup 51820

It ensures that all custom routes have higher priority than the WireGuard rule/routing table which passes packets through wg0. And OpenVPN routes have prefix length 1, don’t they? So changing this to suppress_prefixlength 1 would lead to the WireGuard routing table being applied … ah, only for those packets which are not encapsulated yet. So for those with this fwmark (the encapsulated ones) it would then still be required to route them through the default gateway directly instead of through OpenVPN.
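The rule evaluation discussed in the post above, as an added example that is not part of the original post: a small Python model of how Linux walks these policy rules, including `suppress_prefixlength`. The routing tables are constructed for illustration; the interface names `eth0`/`tun0`, the main-table routes and the test addresses are assumptions.

```python
import ipaddress

WG_MARK = 0xca6c  # fwmark from the rules quoted in the post

# Constructed tables (assumed): OpenVPN's two /1 routes on tun0, the WireGuard
# subnet on wg0, a LAN and default route on eth0, and table 51820 -> wg0.
TABLES = {
    "main": [("0.0.0.0/0", "eth0"), ("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0"),
             ("10.0.0.0/24", "wg0"), ("192.168.1.0/24", "eth0")],
    "51820": [("0.0.0.0/0", "wg0")],
}

def rules(suppress):
    # (priority, applies only to packets WITHOUT the mark, table, suppress_prefixlength)
    return [(32764, False, "main", suppress),
            (32765, True, "51820", None),
            (32766, False, "main", None)]

def lookup(table, dst):
    """Longest-prefix match inside one routing table."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best

def route(dst, fwmark=0, suppress=0):
    """Walk the rules in priority order; return (rule, matched prefix, device)."""
    for prio, unmarked_only, table, sup in rules(suppress):
        if unmarked_only and fwmark == WG_MARK:
            continue  # "not fwmark 0xca6c" does not match encapsulated packets
        hit = lookup(table, dst)
        if hit is None:
            continue
        if sup is not None and hit[0].prefixlen <= sup:
            continue  # result suppressed, fall through to the next rule
        return prio, str(hit[0]), hit[1]
    return None

if __name__ == "__main__":
    for dst, mark, sup in [("10.0.0.2", 0, 0), ("1.1.1.1", 0, 0),
                           ("1.1.1.1", 0, 1), ("203.0.113.7", WG_MARK, 1)]:
        print(dst, hex(mark), f"suppress={sup}", "->", route(dst, mark, sup))
```

In this model the 10.0.0.0/24 route wins over the /1 routes in both settings, and with `suppress_prefixlength 1` packets carrying the fwmark still leave through tun0 because only rule 32766 applies to them.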
