0 votes
104 views 0 comments
by anonymous
Hello! First time asking here. Tried to search but could not find anything that matched my query (sorry if this has already been answered elsewhere).

I have a use case where I have a RUTX12 with two SIM cards from different operators (redundancy). I want to set up a system where users can VPN to the router and 1) access systems on the inside of the RUTX12, and (this is the tricky one I cannot figure out) 2) use the internet through a VPN that uses the second SIM.

Example:

User -- [VPN 1] --> RUTX12 SIM 1 -- [Pass the traffic along to egress on second SIM if not an INTERNAL IPADDRESS] --> RUTX12 SIM2 -- [VPN 2] --> INTERNET

1 Answer

0 votes
by anonymous

Hi,

It might be possible, but I have not tried this myself. Nonetheless, this will be tricky, as you have already mentioned yourself.

You can try using OpenVPN and binding the connection to one mobile interface and the other VPN to the other interface. For instance, when you run OpenVPN client, you can specify an extra '--bind-dev wwan0' option to bind this OpenVPN instance to wwan0 interface. To view your interfaces, run the 'ifconfig' command.

If you are using IPsec, you should be able to specify the interface by editing the charon configuration file manually via CLI/SSH. The file is /etc/strongswan.d/charon.conf. Just find the appropriate option, uncomment it and change it to your needs. I would suggest trying with OpenVPN clients though.

This way, you should have VPNs on different mobile interfaces.

Also, make sure that you have firewall zones created for your VPN connections and that forwarding is enabled between them. If you are using IPsec, this might be trickier, as IPsec does not have a firewall zone assigned to it. You will need to create a traffic rule and match IPsec traffic via the extra argument '-m policy --dir in --pol ipsec'. This policy matches IPsec traffic coming in from your defined zone (since IPsec does not have a firewall zone, you will need to match IPsec traffic from the WAN zone and allow it to pass to the LAN zone and to the other VPN zone, i.e. two rules).

Also, ensure that the second VPN is your default route so that packets that do not match any local networks are forwarded to that VPN.

Please keep me updated on whether you were able to make it work or if you encounter any issues.

Kind Regards,

Andzej
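The pieces of the answer above (one OpenVPN client bound per mobile interface, two IPsec policy-match traffic rules from WAN, and a default route that points at the second VPN) rendered as a small POSIX shell script. This is an added example, not code from the answer or from Teltonika: the interface names wwan0/wwan1, the tunnel names tun0/tun1, the zone names wan/lan/vpn2, the config paths and the uci 'extra' option are assumptions to check against your own router (the answer suggests 'ifconfig' to list interfaces). The script only prints the commands and rules so they can be reviewed before anything is applied.

```shell
#!/bin/sh
# Added example: render and sanity-check the configuration described in the answer.
# Nothing here touches the router; it prints commands and checks their shape.
# Assumed names: wwan0/wwan1 (mobile interfaces), tun0/tun1 (OpenVPN tunnels),
# zones wan/lan/vpn2. Verify with 'ifconfig' and your firewall zone list.

# OpenVPN client command that pins instance $1 to mobile interface $2
# (--bind-dev is the option named in the answer).
openvpn_client_cmd() {
  printf 'openvpn --config /etc/openvpn/%s.conf --bind-dev %s\n' "$1" "$2"
}

# Raw iptables FORWARD rule allowing IPsec-decapsulated traffic from $1 to $2.
ipsec_forward_rule() {
  printf 'iptables -A FORWARD -i %s -o %s -m policy --dir in --pol ipsec -j ACCEPT\n' "$1" "$2"
}

# uci traffic rule carrying the same match via the 'extra' option
# (assumption: fw3-style firewall, as on OpenWrt-based RutOS).
uci_ipsec_rule() {
  name=$1; src=$2; dest=$3
  cat <<EOF
uci add firewall rule
uci set firewall.@rule[-1].name='$name'
uci set firewall.@rule[-1].src='$src'
uci set firewall.@rule[-1].dest='$dest'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].extra='-m policy --dir in --pol ipsec'
EOF
}

# True when rule text $1 carries the IPsec policy match; a rule without it
# would let any WAN traffic through instead of only the tunnel's.
has_ipsec_policy_match() {
  case "$1" in
    *"-m policy --dir in --pol ipsec"*) return 0 ;;
    *) return 1 ;;
  esac
}

# The answer calls for two rules: wan->lan and wan->vpn2. Given the rendered
# rule text in $1, confirm both destinations are present with the match.
ipsec_rules_complete() {
  has_ipsec_policy_match "$1" || return 1
  case "$1" in *"-o br-lan "*) ;; *) return 1 ;; esac
  case "$1" in *"-o tun1 "*) ;; *) return 1 ;; esac
  return 0
}

# Device of the default route in 'ip route' output passed as $1; it should be
# the second VPN's tunnel so non-local traffic leaves via SIM2's VPN.
default_route_dev() {
  printf '%s\n' "$1" | awk '$1=="default"{for(i=1;i<=NF;i++) if($i=="dev"){print $(i+1); exit}}'
}

# Constructed sample of 'ip route' output on a correctly configured router.
SAMPLE_ROUTES='default via 10.8.0.1 dev tun1 metric 1
10.8.0.0/24 dev tun1 scope link
10.9.0.0/24 dev tun0 scope link
192.168.1.0/24 dev br-lan scope link'

# Demo: print the plan and the checks.
echo "# VPN 1 (inbound, SIM 1) and VPN 2 (outbound, SIM 2):"
openvpn_client_cmd vpn1 wwan0
openvpn_client_cmd vpn2 wwan1
echo "# IPsec policy-match rules (only needed if VPN 1 is IPsec):"
RULES="$(ipsec_forward_rule eth1 br-lan)
$(ipsec_forward_rule eth1 tun1)"
echo "$RULES"
uci_ipsec_rule ipsec-to-lan wan lan
uci_ipsec_rule ipsec-to-vpn2 wan vpn2
ipsec_rules_complete "$RULES" && echo "# both IPsec rules present"
echo "# default route device: $(default_route_dev "$SAMPLE_ROUTES")"
```

The two case checks in ipsec_rules_complete encode the "2 rules" remark from the answer; if either destination is missing, VPN users would reach the LAN but not the second tunnel (or the reverse), which is the usual symptom when one of the two rules is forgotten.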