Nice writeup. You hinted at it in your conclusion, but a reverse tunnel with autossh is a good fix for the NAT problem. I've been doing something similar for the past couple years, using a Netgear LB1120 as the LTE modem. I love that it accepts two external antennas. Since my setup is in a remote location, I connected a passive omnidirectional antenna to maintain a low-bandwidth link at all times, and also an amplified directional antenna pointed at the nearest tower for a full-strength signal and dramatically increased throughput when I'm on-site (additionally, I can power on the amp via my automation server if I need a boost when connected remotely).

I'm pretty conservative with my internet usage at that location, but data caps are an issue. So far, the only times I've hit mine were the 2018/2019 FIFA World Cups! ;)