OK: looks like a bug/design choice. Removing the egress route from the docker container, after the wireguard client pulled its routes, makes everything work. I also found that the iptables have a masquerade default, so all traffic from the client is masqueraded to the IP address on the host (not a bad thing). So is this a bug or a choice?