The general principle is there is a server that both parties rendesvouz through. It gets packets from both parties that connect to it. It can see in the packets the IP address, port, and other header junk needed for NAT in order to talk back to both parties. It sends that data to the parties themselves so they can talk directly to each other using those same NAT holes that were punched outbound to the server, while the server holds that open. This works everywhere including over CGNAT, double NAT, etc.