Sorry for my impatience, the full tunnel did work. It takes more time to propagate than I thought, about 5 mins in my environment. Set the egress gateway to 0.0.0.0/0 and add DNS to the client profile along with AllowedIP set to 0.0.0.0/0, then wait for it to propagate. At first I thought that if the firewall rule had been added by netmaker then it should work, but it seems there is still some background work to do before it will route traffic through the egress gateway. Thanks for the help.
But another question is that the firewall rules are not deleted after I delete the egress gateway; that only happens when I delete the network. Is this by default?
Thanks, I like netmaker more and more now.