Hi,
so the first issue you had: two VMs on separate networks (vnets) connected via vrouter do not ping each other is now solved - right? VM1 pings VM2 and vice versa? Is that correct?
For the other issue: are you certain that your gateway 100.100.100.1 is NOT dropping packets due to them being on a non-routable private non-public network ranges? In that case you need to have NAT. If you are certain that it cannot be the problem then because the vlan is involved I suspect that vlan tag is not set on that interface and it is ignored on the public network…not sure - it needs further debugging.
There is a way how to get inside the vrouter - passwordless login via ssh key… Prepare ssh key pair and insert the public key in the context tab like is described here: https://docs.opennebula.io/appliances/service/wordpress.html#ssh-keys
then you can do:
apk update
apk add tcpdump
tcpdump -i eth0 -n -e -vvv icmp # or something similar
Now let VM1 or VM2 ping the public gateway 100.100.100.1 and investigate if the packet is truly leaving the public interface on the vrouter and if it has vlan tag assigned (from the tcpdump output)
If it looks all ok then go to the public gateway and run tcpdump there (in the same way just adjust the interface) and look if you see the packets there arriving…
I am not sure if vrouter was tested with a vlan configuration, so I am just trying to point you to the right direction.
UPDATE: maybe my previous tcpdump example was not ideal (https://christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php) so I would try it also like this:
tcpdump -i eth0 -n -e -vvv 'icmp or (vlan and icmp)' # or something similar
-osp-