But VPN A has to relay the request for facebook.com to VPN B, meaning that VPN A has to be aware of the user's final destination. If my interpretation of this is incorrect, then how does VPN B become aware of the request for facebook.com?
VPN A knows there was a request to VPN B, that's it. The request is encrypted on twice the client. VPN A removed it's encryption but is only left with an encrypted request to VPN B. VPN B then removes it's encryption and then forwards the request to fb.com.
VPN A only sees a request to VPN B. Because of that they don't need to know anything about the final destination or even that there is a final destination beyond VPN B.
VPN A receives a packet that says "carry this (encrypted_ payload to VPN B Gateway IP". VPN B Gateway receives that packet and decrypts the payload. The payload says "send this (encrypted) payload from VPN A customer IP to facebook.com".
VPN A IP: 4321
VPN B IP: 6543
---
Unless I'm missing something, the request would go like this:
VPN A sees that 1234 is going to facebook.com
VPN B sees that 4321 is going to facebook.com
facebook sees that request is coming from 6543
Am I misunderstanding the technology, or didn't VPN A see everything?