IAX Connection Failures with Site2Site / Double NATing

Good Morning - Requesting some guidance on proper deployment of GL-300s and a BRUME router for Site-to-Site for IAX Connections.

Site A: GL300 Router
WAN to private IP 10.236.0.x/24
LAN set to 192.168.72.x/24

Site B: GL300 Router
WAN to Private IP 10.243.0.x/24
LAN set to 192.168.43.x/24

Site C: BRUME Security Gateway to
WAN Configured to use ISP’s provided Static IP
LAN set to 192.168.243.x/24

I have attempted to use S2S between all devices, and for the most part functions just fine… I have ports forwarded to/from the units so that I can reach the router Web UI from the public with forwarded ports for HTTP/S. However, my key issue is that I am running into double NATing. Some endpoint devices believe the GoodCloud “SD-WAN” internal IP 72.30.x.x is the public IP, and endpoint devices (IAX / Asterisk using ports around 4560-4569) from site A or B simply will not connect because the first NAT (172.30.x.x) does not match the public IP address in the IAX Node list.

I need Site A and Site B to pass/receive IAX traffic through Site C’s Security Gateway “transparently” where the endpoints will see Site C’s router and Public IP.

I have attempted both OpenVPN and Wireguard all around with same results. Even installed ZeroTier through LuCI. No go. Have since disabled ZeroTier within LuCI. [Edit: If Goodcloud isn’t the proper ‘mode of transport’, please advise perhaps WG and OVPN successes]

Would anyone have any guidance in this aspect? Anything at all about doing away with double NATing with the GL.iNet ecosystem is a win at this point.

Thanks very much for your time!

Is it possible to add 172.30.x.x to the IAX node list?