Double Tunnel VPN

I would like to run a Double Tunnel VPN, i.e. a tunnel inside a tunnel. The only link I found was this one, which did not help me very much: WireGuard tunnel inside another tunnel

Plus I do not know exactly what the smart thing is to do, use OpenVPN over WireGuard or vice versa. If anyone has some more information, that would be really helpful.

Why would you do that?

It is actually something you try to avoid because of MTU problems and a double performance penalty. Not that it is impossible; just do not set the host routes.
For WireGuard there is even a setting for it in LuCI.

Because I do not want my entry-server to be my exit server.

edit:
I also read that public keys and IP addresses are stored server side using WireGuard. Not a good thing afaict.

Could you have another go at making this make sense?

A public key is (as the name suggests) intended to be made 'public'. All it allows is for data to be encrypted. It's useless without the corresponding private key.

As for IP addresses, if you're connecting from a remote location then that's the end which needs the public IP address in its config.


Sure:
[router]-------[vpn-uk]---------[internet]

[router]====[vpn1-uk]---------[vpn2-de]---------[internet]

That is for security, not privacy.

The point is that when setting up a connection, your WAN IP is stored on the WG server until it is rebooted or scrubbed (few providers). In the UK-DE example the vpn1-uk IP is stored on the vpn2-de server.

Merely route any traffic entering interface A to default route to interface B?

I am not that savvy with routing, but I will take your advice and start testing.

And what purpose is the double tunnel serving? All you've done is move the info that would be needed at [vpn-uk] to [vpn2-de].

Yes, encryption keys are about security, not privacy.

As it is for all VPNs, there needs to be some record of where the other end of the tunnel is so traffic can be routed back...

And your IP is stored on vpn2-de.

To be clear, you're saying that you control the connection between VPN1 and VPN2, correct?

Otherwise, I'm confused how you intended to have traffic forwarded from VPN1 to VPN2.

No, is my logic flawed?


This part (above).

I believe so.

Hmm....

        ---------[UK-connection]
[router]-------------------------------[DE-connection]
        ---------[UK-connection]

Router: exit-ip = wan-ip
VPN1: exit-ip = vpn1
VPN2: exit-ip = vpn2

I assumed the VPN1 exit IP was my entry IP for setting up VPN2; is that not the case?

No. How would that work when all the connections are starting at your router?

When I visit ipleak.net, for example, I get my WAN IP, correct?
After setting up a VPN, on ipleak.net I get the VPN IP, correct?

Why would that be different for VPN-DE going through VPN-UK ?

edit: lunch break, afk 1hr or so

It wouldn't. If you connected to VPN-DE the IP reported by ipleak.net would (or should be) the VPN-DE IP. But that has nothing to do with the entry point.


If I understand you correctly:

  • Setup and configure traffic to route via VPN2
  • Test
  • Then - on the OpenWrt, route the /32 of the VPN2 endpoint via VPN1
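
The three steps above, modelled as an added example (this is not code from the thread, from OpenWrt or from WireGuard): a minimal longest-prefix-match routing table that shows why the /32 host route for the VPN2 endpoint via VPN1 is what actually nests the tunnels, and what happens without it. The endpoint addresses (RFC 5737 documentation ranges) and the interface names wan, wg_uk and wg_de are constructed for the illustration.

```python
import ipaddress

# Constructed sample endpoints (documentation ranges), not from the thread.
VPN1_ENDPOINT = ipaddress.ip_address("198.51.100.10")  # vpn1-uk public endpoint (assumed)
VPN2_ENDPOINT = ipaddress.ip_address("192.0.2.20")     # vpn2-de public endpoint (assumed)

# Each tunnel interface wraps its packets in an outer packet to this endpoint.
ENDPOINT_OF = {"wg_uk": VPN1_ENDPOINT, "wg_de": VPN2_ENDPOINT}


def build_table(vpn2_via_vpn1):
    """Return the router's routes as (network, outgoing interface) pairs.

    The default route points into the inner tunnel (wg_de), so ordinary traffic
    exits in DE. The /32 for vpn1's endpoint must leave via the WAN. The /32 for
    vpn2's endpoint is the step from the thread: pointing it into wg_uk is what
    makes the DE tunnel travel inside the UK tunnel.
    """
    table = [
        (ipaddress.ip_network("0.0.0.0/0"), "wg_de"),
        (ipaddress.ip_network(f"{VPN1_ENDPOINT}/32"), "wan"),
    ]
    if vpn2_via_vpn1:
        table.append((ipaddress.ip_network(f"{VPN2_ENDPOINT}/32"), "wg_uk"))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def trace(table, dst, max_hops=8):
    """Follow one packet through successive encapsulations.

    Every time the packet is routed into a tunnel interface, that tunnel emits
    an outer packet addressed to its endpoint, and the outer packet is routed
    again. Returns (interfaces, outcome): 'delivered' once a physical interface
    is reached, 'loop' when a tunnel would have to carry its own outer packet.
    """
    path = []
    seen = set()
    current = ipaddress.ip_address(dst)
    for _ in range(max_hops):
        iface = lookup(table, current)
        if iface is None:
            return path, "unroutable"
        key = (iface, current)
        if key in seen:
            return path, "loop"
        seen.add(key)
        path.append(iface)
        if iface not in ENDPOINT_OF:
            return path, "delivered"
        current = ENDPOINT_OF[iface]
    return path, "loop"


if __name__ == "__main__":
    # With the host route: internet traffic -> wg_de -> wg_uk -> wan.
    print(trace(build_table(True), "203.0.113.50"))
    # Without it: wg_de's outer packet matches the default route back into wg_de.
    print(trace(build_table(False), "203.0.113.50"))
```

The model deliberately leaves out the firewall marks and policy-routing rules a real Linux/OpenWrt WireGuard setup uses for its outer packets; it only shows the table logic. It also makes the point raised later in the thread visible: in the nested case the last hop is still the router's own WAN, and vpn2-de sees vpn1-uk's address rather than the router's, while vpn1-uk still sees the router's WAN IP.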

Even if that worked (which I'm dubious about), it wouldn't solve the OP's 'concerns'. VPN2 will still need to know their local WAN IP and their public key to allow it to send traffic back to them. Changing the routing for how the tunnel gets from their router to the VPN endpoint isn't going to magically hide those details.


Correct:

The IP will be the exit address of VPN1.

VPN1 would merely know it's sending traffic to the IP of VPN 2.

Me too.

Yes, but VPN 2 will still have all the details they were wanting to keep 'secret'. So it's achieving nothing.


Agreed - I didn't say the OP's desire makes sense, but what they desire can be accomplished.

Albeit the real DST would be obscured from VPN1, the remainder of your statement is right.