Consider using pwnat to avoid NAT configuration

[Arkanosis]

pwnat is a trick to traverse NAT at both sides of a network connection, without relying on TURN, STUN or ICE.

It has non negligible security implications, such as potentially exposing the client's public IP address to arbitrary hosts behind the same public IP as the server, but offers a potentially hassle-free alternative to regular NAT forwarding that could be especially interesting for ephemeral SSH connections, as well as a relay-free solution to clients needing to connect from IPs that aren't known in advance.