here is a little bit more background config …
ive running three xenserver each with two network cards in active passive bond, one NIC is connected to the first vyos router and the other one to the second vyos router
if one vyos router failes the another one should take the work - for this i need vrrp in the next config step.
you wrote:
But you only have 2 networks. 172.16.0.0/24 and the 10.0.0.0/22, at least that’s what I see above
yes because the 10.0.0.x network with the IP 10.0.0.254 is nessesary for the Windows Clients to have the GW IP 10.0.0.254 - this is the IP on the Vyos. All traffic on that interface should the router forward to the outgoing gateway address 172.16.0.254 which is not work at the moment.
tried to use monitor traffic one eth1 which is the outgoing interface to the firewall but i didnt seen packages that the vyos did forward to the firewall O_o