Can wireguard act as both server and client?

Hi,
I have a CHR on AWS, and a physical router at home. I have set up a WG server at home, so I can connect my devices to home (road warrior) when I am on the go.
I also have devices at home (such as Apple TV) that I want to go through a WG tunnel (S2S) connecting to the CHR endpoint that is set up on AWS.

I tried to set up a second WG interface on my home router, but apparently only one can be running at any time? Am I correct to understand this?

You can have more than one interface but obviously with unique listening ports.

Newsflash
There is no server nor client with wireguard.
Only peers.

Irrelevant to the issue described in the contents of the first post.

Yet very relevant to title of the post…

Let's not bicker and provide facts.
For the connection instance, there has to be an initiating side (pseudo client) and an initial receiving side (pseudo server).
Once the connection is established we have a TWO-WAY peer to peer tunnel to use.

What determines the pseudo server and client? Well, usually it's clear in that one end of a connection has to meet the wireguard requirement of having a publicly accessible IP address, OR one end is behind an ISP's modem/router where one can AT LEAST forward the chosen wireguard port from the ISP modem/router to the mikrotik device.

In the case where one has, let's say, TWO REACHABLE mikrotik routers at both ends, then yes, either or both can be set up as the initiator or receiver.

I think the advantage here is that it may overcome the deficiency of the initiator, at least in the mikrotik schema of wireguard, in that if the receiver side changes their IP (think dynamic IP), or power is lost for a bit of time, then there is the possibility that the wireguard tries to connect before the IP address has resettled. The result is no connectivity as the wireguard does not persist on trying. Workarounds are available on scripts but it would be easy for mikrotik to address this within the wireguard module of code or an interface code.
Regardless, if both ends can initiate, then I suspect continuity of the connection may better survive an interruption due to this phenomenon.

To answer your question you have two options.
a. do everything from the same WG interface at home OR
b. use two tunnels, one to reach home and one to reach CHR from home.

Both are possible for the most part, but without knowing the full requirements it's still a guess.
So we need a better set of requirements (what do users or devices at home need wrt wireguard, what do road warriors need (assuming just the admin), etc.).
A network diagram helps, and finally
FULL config of both CHR and home mikrotik is required (less, of course, any public WANIP info or key info).

Exactly. My initial preference was to go with option b.

Both are possible for the most part, but without knowing the full requirements it's still a guess.
So we need a better set of requirements (what do users or devices at home need wrt wireguard, what do road warriors need (assuming just the admin), etc.).
A network diagram helps, and finally
FULL config of both CHR and home mikrotik is required (less, of course, any public WANIP info or key info).

Will send them tomorrow.

Newsflash
There is no server nor client with wireguard.
Only peers.

Valid point.

You can have more than one interface but obviously with unique listening ports.

You'd think I'd be alert to keep something as simple as that in mind while configuring the second "peer".. I wasn't!

https://forum.mikrotik.com/viewtopic.php?t=182340

The above link was an absolute gem! thanks
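
Option b from the answer above (two tunnels, each WireGuard interface on its own listening port), sketched as a RouterOS 7 configuration for the home router. This is an added example, not configuration posted by anyone in the thread: the interface names, ports, tunnel subnets and the 192.168.88.50 Apple TV address are constructed, and the keys and CHR address are placeholders.

```routeros
# Added example (RouterOS 7 syntax). All names, ports and addresses are constructed.

# Two independent WireGuard interfaces; each needs its own UDP listen port.
/interface wireguard
add name=wg-roadwarrior listen-port=13231 comment="inbound: phones/laptops dial in"
add name=wg-chr listen-port=13232 comment="outbound: home initiates to CHR"

# One tunnel subnet per interface so routes and firewall rules stay distinct.
/ip address
add address=10.10.10.1/24 interface=wg-roadwarrior
add address=10.20.20.2/30 interface=wg-chr

/interface wireguard peers
# Road warrior peer: no endpoint, the device initiates. Keep allowed-address
# to that device's single tunnel IP so the key cannot source other addresses.
add interface=wg-roadwarrior public-key="<ROADWARRIOR_PUBLIC_KEY>" \
    allowed-address=10.10.10.2/32
# CHR peer: home is the initiating side, so the endpoint is set here and a
# keepalive holds the NAT mapping open. 0.0.0.0/0 is needed because internet
# traffic from the Apple TV will return through this tunnel.
add interface=wg-chr public-key="<CHR_PUBLIC_KEY>" \
    endpoint-address=<CHR_PUBLIC_IP> endpoint-port=<CHR_LISTEN_PORT> \
    allowed-address=0.0.0.0/0 persistent-keepalive=25s

# Only the road warrior port has to be reachable from the WAN; wg-chr dials
# out, so its replies are covered by the usual established/related rule.
# Place this rule above the final drop rule of the input chain.
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=13231 \
    comment="WireGuard road warrior handshake"

# Send only the Apple TV (constructed LAN address) through the CHR tunnel.
/routing table
add name=via-chr fib
/ip route
add dst-address=0.0.0.0/0 gateway=wg-chr routing-table=via-chr
/routing rule
add src-address=192.168.88.50/32 action=lookup table=via-chr

# Source-NAT into the tunnel so the CHR only needs to know 10.20.20.0/30.
/ip firewall nat
add chain=srcnat out-interface=wg-chr action=masquerade
```

The CHR side needs the mirror-image peer entry (home router's public key, `allowed-address=10.20.20.2/32`) and an input rule accepting UDP on its own listen port.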