Could you draw a diagram, as it's not clear to me what is where doing what?
If the MT is getting a private IP then it cannot be used as a SERVER for the initial connection UNLESS the ISP router can forward the listening port etc.
Then there is the issue if the MT is used for its internet access, in which case one has to be able to (for return internet traffic) either create a static route from the ISP router to the MT,
OR, have the MT source-nat the traffic from the remote site heading out to the internet before it reaches the ISP router.
I've added the diagram. WireGuard peer on the MikroTik router as "client" and WireGuard on the VPS as "server". The goal is forwarding the MikroTik service ports (Winbox, SSH, WWW) to the VPS, so I can remote into it via the internet.