I also have a similar setup to maiskanzler. But I use iptables to forward the traffic over wireguard and I am able to preserve the original client IP by not snat the packets. I then have to use policy based routing to make sure that traffick goes back out through the wg tunnel.
I'm happy to share info on how to get this working.
Maybe try creating a new virtual network with a different subnet?
I had the exact same issue! I was going crazy troubleshooting this, anyway it turned out to be the firewall on my arch install. I disabled ufw and everything started working as usual. I really should enable the firewall again and check what rules are screwing it up.
I'm not sure what the best way to share this info is. I'd love to write up a blog but not sure how long that would take. I suppose I could just share the wireguard configs here as they include the iptable commands. Will do that tonight when I get a chance.