Slightly off-topic but this explainer article on how TailScale traverses NATs/firewalls is interesting.
Tailscale fools both endpoints into believing they are initiating the same network connection simultaneously enabling direct connection between 2 endpoints that would otherwise be impossible.