I agree, a static, public IP is the most straightforward way. There are some vendors who resell verizon/att and do not charge the static IP fee. We have used one. Although the first "sim" card we received for our 4g router was not setup with a static IP, we had to get them to reconfigure our service as they agreed.
The problem with most cell service data plans is the IP addresses are all NAT'ed. Same as you do with your home router, if you wanted to access your camera at IP 192.168.0.11 you would need to access your public IP and set a port forward in your router. While dynamic dns services can take care of your changing IP, the main issue is that cell carriers IP's are not public, regardless what they are they are "private" (NAT) on their network and not publicly routable. And they will not set up forwards for you. A 4g device can only initiate a connection outbound, once established, then data (internet) can be received. No one can ping or access your phone/router etc from the internet over its private IP.
From a carrier standpoint, it allows them to provide service without using more IPv4 addresses, and there are security benefits. From a customer view, for us, it is a major issue.
There IS a workaround, though, it is a lot of work but we have played with this. If you have a small PC (Intel NUC, RPi, etc) on the customer's end, you can set up a reverse SSH tunnel using autossh, once the tunnel is created (you will also need a relay server which is accessible on the internet) you can create a SSH connection into the relay server from your remote location and port map from your local PC to the camera behind the cell carrier NAT router and access/look at your camera. Autossh will monitor the tunnel and restart it if the connection is dropped, or the carrier changes the IP address. A VPN can work similarly but the reverse SSH tunnel is, in effect the same as a VPN without the overhead.
The static, public IP is **much** easier and reliable, if you can get one.