According to How Tailscale works and How NAT traversal works by Tailscale, they apparently have some advanced and open source methods for punching through NATs without UPnP and NAT-PMP including people stuck behind CG-NAT.
What do you think about the possibility of using those techniques to increase the number of clients able to get direct connections instead of relying on relaying?