MikroTik

So I have this situation. At my friends house in remote location we're trying to set up video surveillance with IP cameras. Only possible internet connection are nearby town where lives relatives of my friend. We made bridge over two RB711 from town to friends home and set up local network bridged with relatives network in town. Logically I'm trying to make remote connection possible to video surveillance system. My problem is that provider in town is already giving NAT-ed addresses and I can't make any port forwards from real internet IP address to our surveillance system. So, I'm interested if it's possible to somehow make tunnel from one of installed RB711 without any port forwards or real IP addresses to remote Mikrotik, potentially RB2011 with real IP address?

You would need access to one router with Public IP. Then, from the router of your friend, create a VPN tunnel giving IP address on the first router with the Public IP. From there you can use dst-nat to access whatever device you want.
For example, you have a router "A" with public IP 1.1.1.1 and router of your friend "B". Create a VPN server on router A and connect router B to A through VPN giving address 10.10.10.10. Now you can do a dst-nat from 1.1.1.1 to 10.10.10.10

You'll need to make your router that connects to the ISP start a tunnel such as PPtP or L2TP, and use some other endpoint where you have a static public IP (or at least a DDNS hostname and a public IP).

The private IP router will be the client and the other router will be the server - this way, since your private IP router is always the one trying to begin the connection, it should be able to punch its way out through NAT.

L2TP would be the better choice, in my opinion.

Thank You both, I'll try to make tunnel over L2TP and I'll post report after few days.

Thank You one more time, guys, my test tunnel is working an is unbreakable, I hope that setting up real tunnel will be so esay and stable as this.