@Fred2016
Whatever LTE modem/provider you use, you will likely need a VPN that will traverse Carrier Grade Network Address Translation (CGNAT) for remote access. LTE providers do not normally provide a public IP address.
Tailscale MESH VPN is far far the easiest solution to traverse CGNAT. Tailscale has a free tier with up to 3 users and 100 nodes, uses any number of existing identity managers, and has clients for every distribution on the planet.
Tailscale · Best VPN Service for Secure Networks
You can run Tailscale one of two ways:
1. Run a Tailscale client on a computer that runs 24/7/365 at the remote site and advertise sub-net routes. This can include an AppleTV 4K running at least tvOS 17.3
2. Run Tailscale on a supported firewall distribution.
Using Tailscale with your firewall
My personal preference is open source enterprise class firewall software pfSense.
pfSense® - World's Most Trusted Open Source Firewall
I have two sites, both running pfSense and Tailscale, both on low power fanless Mini PCs running 24/7/365. I can access any device (even embedded devices) on either site remotely without running a separate Tailscale client. Great for remote access and off-site backups. Works automagically!.
In this video, we introduce Tailscale running on pfSense and demonstrate a common site-to-site deployment scenario.
www.netgate.com
LTE Modems:
Obviously, you will need to find a solution that is compatible with your providers LTE bands.
1. Netgear makes an external LTE modem.
Cellular Modems: 4G LTE | NETGEAR
2. Or purchase a firewall appliance that includes the option to add a LTE modem.
Protectli: Trusted Firewall Appliances with Firmware Protection