I've configured 2 wireguard interfaces this way:
config interface 'wg0'
    option proto 'wireguard'
    list addresses '10.0.0.4/32'
    option private_key 'PRIVATE_KEY'
    option listen_port '55656'
    option metric '4'

config wireguard_wg0
    option public_key 'PUBLIC_KEY'
    option route_allowed_ips '1'
    option endpoint_host 'master.server.com'
    option persistent_keepalive '0'
    list allowed_ips '10.0.0.3/32'
    list allowed_ips '0.0.0.0/0'
    option endpoint_port '55655'

config interface 'wg1'
    option proto 'wireguard'
    list addresses '10.0.0.1/32'
    option private_key 'PRIVATE_KEY2'
    option listen_port '55655'
    option metric '1'

config wireguard_wg1
    option public_key 'PUBLIC_KEY2'
    option route_allowed_ips '1'
    list allowed_ips '10.0.0.2/32'
    list allowed_ips '172.17.1.0/24'
    option persistent_keepalive '0'
So wg0 is a WAN VPN connection over the physical WAN interface; it works as a wireguard client.
And wg1 is a bridge VPN to another location; it works as a wireguard server.
The problem is that only one connection can work at the same time. After any of these is up, the second one can't make a handshake. Connection tracking for the physical and wireguard WANs is enabled. Other local services like FTP or HTTP are working fine on the physical WAN with any wireguard interfaces connected, so this is not a routing problem.
Any ideas what could be wrong here?