Routing issues in migrated VPN profiles

[keeshux]

Do not migrate v2 "Network settings" to a "Routing" module. They just are not the same.

In particular, when overriding the "Default gateway", v2 used to tweak in place:

• The redirect-gateway flags in OpenVPN configurations (and this usually works)
• The AllowedIPs directive in WireGuard configurations

The "Routing" module in v3 is doing a different thing, i.e. "include/exclude this route in/from the tunnel interface".

With WireGuard in particular, this is insufficient because the tunnel performs additional checks on allowed IP packets. E.g. if we include the default route with a "Routing" module, but the same route is not also present in AllowedIPs, this will happen:

IPv4 packet with disallowed source address from peer

and traffic will be dropped.