Fix dynamic route v6 NAT rule not cleaned up on removal

removeFromServerNetwork and CleanUp hardcoded useNewDNSRoute=false
when building the router pair for RemoveNatRule. This meant the
destination was a Prefix (0.0.0.0/0) instead of a DomainSet, so the
IsSet() branch in RemoveNatRule that removes the v6 duplicate never
triggered. The v6 NAT rule leaked until the next full Reset.

Store useNewDNSRoute on the Router from UpdateRoutes and use it
consistently in removeFromServerNetwork and CleanUp, making add
and remove symmetric.
Viktor Liu
2026-04-10 12:50:09 +02:00
parent 2f5d9fc0cd
commit 8ddbcf6c5b


@@ -21,6 +21,7 @@ type Router struct {
firewall firewall.Manager
wgInterface iface.WGIface
statusRecorder *peer.Status
useNewDNSRoute bool
}
func NewRouter(ctx context.Context, wgInterface iface.WGIface, firewall firewall.Manager, statusRecorder *peer.Status) (*Router, error) {
@@ -37,6 +38,8 @@ func (r *Router) UpdateRoutes(routesMap map[route.ID]*route.Route, useNewDNSRout
r.mux.Lock()
defer r.mux.Unlock()
r.useNewDNSRoute = useNewDNSRoute
serverRoutesToRemove := make([]route.ID, 0)
for routeID := range r.routes {
@@ -91,7 +94,7 @@ func (r *Router) removeFromServerNetwork(route *route.Route) error {
return r.ctx.Err()
}
routerPair := routeToRouterPair(route, false)
routerPair := routeToRouterPair(route, r.useNewDNSRoute)
if err := r.firewall.RemoveNatRule(routerPair); err != nil {
return fmt.Errorf("remove routing rules: %w", err)
}
@@ -124,7 +127,7 @@ func (r *Router) CleanUp() {
defer r.mux.Unlock()
for _, route := range r.routes {
routerPair := routeToRouterPair(route, false)
routerPair := routeToRouterPair(route, r.useNewDNSRoute)
if err := r.firewall.RemoveNatRule(routerPair); err != nil {
log.Errorf("Failed to remove cleanup route: %v", err)
}
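Review bot: The flag is overwritten at the top of UpdateRoutes (`r.useNewDNSRoute = useNewDNSRoute`) before the stale routes are collected. If the new value differs from the one in effect when a route was added, removeFromServerNetwork and CleanUp would build the other kind of router pair, and the NAT rule (with its v6 duplicate) could stay installed for a route that has been withdrawn. The removal loop is outside these hunks, so this is inferred from the order visible here. Add and remove would stay symmetric across a flag change if the value used at add time were kept with each entry in `r.routes`, or if the assignment were moved after the removals. The new struct field would also benefit from a comment such as `// useNewDNSRoute is the value passed to the last UpdateRoutes call`.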