Two routers with a perfectly functioning WireGuard tunnel between them. Router1 inside systems can reach Router2 inside systems and vice versa without difficulty. The internet service (Starlink) at Router2 does not accept inbound connections, so I am attempting to NAT from the public side at Router1 and leverage the firewall and routing rules already in place for the functioning WG tunnel.
Looking for approach recommendations.
Running version 7.4 on both.
What I have tried:
1) Direct NAT at Router1 to the private address at Router2. The issue with this is that the source address in the packet captures at Router2 is the public device initiating the connection. The return route does not use the WG tunnel.
2) NAT to an unused bridge address at Router1 and forwarding via a static route to the target address at Router2, and the inverse of this. I see the NAT in the log and packet capture. I don't see my translated traffic entering the WireGuard interface.
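The symptom in attempt 1 (the inside host at Router2 sees the public client as the source and answers via its own default route rather than the tunnel) is the classic asymmetric-return problem of dst-nat across a tunnel. The following is an added RouterOS 7 configuration example, not the poster's configuration, showing the two usual ways to keep the reply inside the tunnel. Every name and address in it is an assumption: `wireguard1` as the WireGuard interface on both routers, `WAN` as Router1's interface list, `10.255.0.1/10.255.0.2` as the tunnel addresses of Router1/Router2, `192.168.20.10` as the target host behind Router2, and TCP 8443 on the public side mapped to 443 on the target. Use one of the two options, not both.

```routeros
# ---------- Option A: fix it entirely on Router1 (simplest) ----------
# Router1: publish the service and translate the source so the inside host at
# Router2 replies to Router1's tunnel address, which is only reachable via wireguard1.
/ip firewall nat
add chain=dstnat in-interface-list=WAN protocol=tcp dst-port=8443 \
    action=dst-nat to-addresses=192.168.20.10 to-ports=443 \
    comment="assumed: public 8443 -> host behind Router2"
add chain=srcnat out-interface=wireguard1 dst-address=192.168.20.10 \
    protocol=tcp dst-port=443 action=src-nat to-addresses=10.255.0.1 \
    comment="assumed: hide the public client behind Router1's tunnel address"
# Router2 needs nothing beyond the forward rule that already permits
# wireguard1 -> LAN traffic. The log at Router2 will show 10.255.0.1 as the
# client, so keep Router1's connection tracking/logs if you need the real source.

# ---------- Option B: preserve the real client source, policy-route on Router2 ----------
# Router1: only the dst-nat rule from Option A (no src-nat).
# Router2: mark connections that arrive from the tunnel, then force the replies
# from the LAN back out through wireguard1 instead of the Starlink default route.
/routing table
add name=to-wg fib
/ip firewall mangle
add chain=prerouting in-interface=wireguard1 connection-state=new \
    action=mark-connection new-connection-mark=from-wg passthrough=yes \
    comment="assumed: remember sessions that entered via the tunnel"
add chain=prerouting in-interface=!wireguard1 connection-mark=from-wg \
    action=mark-routing new-routing-mark=to-wg passthrough=no \
    comment="assumed: replies for those sessions use the to-wg table"
/ip route
add dst-address=0.0.0.0/0 gateway=wireguard1 routing-table=to-wg \
    comment="assumed: default route for marked replies goes into the tunnel"

# ---------- Checks on Router2 (either option) ----------
# Confirm the session was tracked with the expected reply path:
/ip firewall connection print where dst-address~"192.168.20.10"
# Watch the reply leave on the tunnel rather than the WAN:
/tool sniffer quick interface=wireguard1 ip-address=192.168.20.10
```

Option A is the lower-risk choice because it adds no policy routing at the Starlink site and the tunnel's existing filter rules continue to govern what reaches the inside host; its cost is that Router2 no longer sees the real client address, so source-based logging and rate limiting for that service must live on Router1. Option B keeps the client address end to end, but the mangle rules must sit before any `fasttrack-connection` rule, otherwise fast-tracked reply packets skip the routing mark and take the Starlink path again.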