Even in a NAT-less world, the common advice is to use a firewall rule that disallows incoming connections by default. (And I'd certainly be worried if typical home routers were configured otherwise.) So either way, you'd need the average person to mess with their router configuration, if they want to allow incoming P2P connections without hole-punching tricks. At best, the lack of NAT might save you an address-discovery step.

> the common advice is to use a firewall rule that disallows incoming connections by default.

That's good advice! But firewall hole punching is also significantly easier (and guaranteed to work) compared to NAT hole punching. Address discovery is part of it, but there are various ways to implement a NAT (some inherently un-hole-punch-able) and only really one sane way to do a firewall.

> you'd need the average person to mess with their router configuration,

At least with IPv6, that firewall is likely to exist in the CPE, which sophisticated users can then ideally open ports in (or which can implement UPnP/NAT-PMP or whatever the current name for the "open this port now!!" protocol of the decade is); for CG-NAT, it's often outright impossible.

UPnP has covered a huge percentage of use cases that actual users care about, and those who it doesn't cover are often able to do their own customization.

upnp should not exist. Any new router default disables it, as it should be.

Care to elaborate? Non-sophisticated users don't deserve IP reachability?

I used to have it enabled long ago. It's insecure. Random cheap devices will open up ports with upnp without the user noticing. It doesn't work that well either, cause hosts will conflict on ports. P2P applications have better ways to establish connectivity.

Hole-punching tricks work fine. They don't work at all of both users are behind IPv4 NAT/CGNAT.