linux – ARP proxy the second IP of a VPS and route it over WireGuard

I have set up an ARP proxy on my VPS. With this setup I can route incoming traffic for the second IP of my VPS over WireGuard. This should allow my Raspberry Pi at home to use the second public IP.

I got this kind of working. Incoming pings are forwarded over the WireGuard tunnel to the Pi, but the Pi then tries to answer the ping via eth0. Is there a way to fix this so that it also sends the reply packets over the WireGuard interface?

To show the problem (both captures taken on the Raspberry Pi):

WireGuard interface:

# tcpdump -i wg_pub
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wg_pub, link-type RAW (Raw IP), capture size 262144 bytes
01:35:02.796522 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 1, length 64
01:35:03.795359 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 2, length 64
01:35:04.810613 IP <Public ip of ping PC> > <Second VPS IP>: ICMP echo request, id 14, seq 3, length 64

Ethernet interface:

# tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:37:11.477589 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 128, length 64
01:37:12.491045 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 129, length 64
01:37:13.505965 IP <Second VPS IP> > <Public ip of ping PC>: ICMP echo reply, id 14, seq 130, length 64

I would like to avoid using a private subnet on the WireGuard tunnel.

One way I got this working was to add a static route (ip route add <First VPS IP>/32 dev eth0) and then overwrite the default route (ip route add 0.0.0.0/0 dev wg_pub). But this has the disadvantage that all internet traffic is then routed via the VPS.
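The standard way to handle exactly this asymmetry, as an added example that is not part of the original post, is source-based policy routing on the Pi: a separate routing table whose only default route points into wg_pub, selected just for packets whose source address is the second VPS IP, so the main table and eth0 keep handling the Pi's own traffic. The address 192.0.2.10, the table id 100 and the rule priority 1000 are placeholders; the script only prints the commands by default (DRY_RUN=1) and executes them when run as root with DRY_RUN=0.

```shell
#!/bin/sh
# Added example: source-based policy routing so replies sourced from the
# second VPS IP leave via the WireGuard interface instead of eth0.
SECOND_VPS_IP="${SECOND_VPS_IP:-192.0.2.10}"  # placeholder for <Second VPS IP>
WG_IF="${WG_IF:-wg_pub}"                      # tunnel interface from the question
TABLE="${TABLE:-100}"                         # assumed free routing table id
PRIO="${PRIO:-1000}"                          # assumed rule priority (< main at 32766)
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands, 0 = run them (root)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

apply_policy_routing() {
    # The second public IP has to live on the tunnel interface so the Pi
    # accepts packets addressed to it and uses it as source for replies.
    run ip address replace "$SECOND_VPS_IP/32" dev "$WG_IF"
    # Dedicated table: its default route goes into the tunnel only.
    run ip route replace default dev "$WG_IF" table "$TABLE"
    # Only packets *from* the second IP consult that table; everything
    # else still falls through to the main table and eth0's default route.
    run ip rule add from "$SECOND_VPS_IP/32" table "$TABLE" priority "$PRIO"
    # Incoming packets on the tunnel have Internet sources whose reverse path
    # is eth0, so strict reverse-path filtering would drop them; loose mode
    # (2) still rejects sources that have no route at all.
    run sysctl -w "net.ipv4.conf.$WG_IF.rp_filter=2"
}

remove_policy_routing() {
    run ip rule del from "$SECOND_VPS_IP/32" table "$TABLE" priority "$PRIO"
    run ip route flush table "$TABLE"
    run ip address del "$SECOND_VPS_IP/32" dev "$WG_IF"
}

# Check which path a reply to the ping host would take (dry run prints the
# lookup command; run for real it should report "dev wg_pub" for the second IP).
show_reply_path() {
    run ip route get "${1:-198.51.100.1}" from "$SECOND_VPS_IP" iif "$WG_IF"
}

apply_policy_routing
show_reply_path
```

To make the rules survive a reboot or tunnel restart, put the same three `ip` commands into `PostUp` lines (and the `remove_policy_routing` ones into `PostDown`) of the wg_pub configuration.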