I'm setting up two PCC endpoints in preparation for load-balancing Wireguard and Pihole servers - at the moment there's just a single server on each endpoint. The servers will be on 172.20.1.0/24 and 172.24.1.0/24 IPs respectively. The servers can reach the Internet, and can ping each other directly, but pinging either PCC endpoint from the servers returns a "Destination Host Unreachable" error. I am able to ping both endpoints from outside the router. Here are my Mangle and NAT rules:

/ip firewall mangle
add action=mark-connection chain=prerouting dst-address=***.***.***.*** new-connection-mark=WG_conn passthrough=yes per-connection-classifier=src-address-and-port:1/0
add action=mark-connection chain=forward dst-address=***.***.***.*** new-connection-mark=WG_conn passthrough=yes per-connection-classifier=src-address-and-port:1/0
add action=mark-routing chain=prerouting connection-mark=WG_conn new-routing-mark=to_VM1
add action=mark-connection chain=prerouting dst-address=***.***.***.*** new-connection-mark=PH_conn passthrough=yes per-connection-classifier=src-address-and-port:1/0
add action=mark-connection chain=forward dst-address=***.***.***.*** new-connection-mark=PH_conn passthrough=yes per-connection-classifier=src-address-and-port:1/0
add action=mark-routing chain=prerouting connection-mark=PH_conn new-routing-mark=to_VM2
/ip firewall nat
add action=dst-nat chain=dstnat routing-mark=to_VM1 to-addresses 172.20.1.3
add action=src-nat chain=srcnat src-address=172.20.1.0/24 to-addresses=***.***.***.***
add action=dst-nat chain=dstnat routing-mark=to_VM2 to-addresses 172.24.1.3
add action=src-nat chain=srcnat src-address=172.24.1.0/24 to-addresses=***.***.***.***