Consul retry_join lan\wan separation

I am trying to deploy a cluster in two datacenters.
Nodes in both datacenters do not have an interface with routable internet-facing ip. Instead they have a private class-c networks in each datacenter and all nodes have a 1:1 NAT set up, so it’s impossible to “bind” to external IP.

Now when I specify nodes names in retry_join they seem to join both as LAN and WAN servers, which leads to some errors as advertise_addr_wan and the address it is actually bound to are different. So it looks like local servers should not be joined as WAN.

Is it possible to do it somehow? Maybe it’s possible to somehow specify other servirs via go-sockaddr with port?

When setting up a multi-datacenter Consul cluster, you must ensure that all Consul servers in every datacenter must be directly connectable over their WAN-advertised network address from each other.

From your description that doesn’t seem to be the case. In that situation you can use WAN federate using mesh gateways: