Mikrotik L2TP VPN IP Public Port Forward - Part 2

It is sufficient to use dst-nat (port forwarding) on City B CHR to redirect the L2TP connections coming to its public address from the client to the public address of the City A CHR, and src-nat these requests so that the City A CHR would send the responses back to City B CHR. Depending on whether you use plaintext L2TP or an IPsec encrypted one, you will have to forward one or two ports.

So assuming that the public IP of City A CHR is a.a.a.a and the public IP of City B CHR is b.b.b.b, and you use IPsec-encrypted L2TP, you would

  • change nothing in the CHR A configuration
  • change the connect-to address on the /interface l2tp-client row at the LTE device from a.a.a.a to b.b.b.b
  • set the following NAT rules on CHR B:
    /ip firewall nat
    add chain=srcnat out-interface=ether1 dst-address=a.a.a.a protocol=udp action=src-nat to-addresses=b.b.b.b
    add chain=dstnat in-interface=ether1 dst-address=b.b.b.b protocol=udp dst-port=500,4500 action=dst-nat to-addresses=a.a.a.a

I only concentrate on the topic-related setup at CHR B. Of course you need to complete the basic setup first, i.e. put some firewall filter rules to chain input to protect the CHR from unauthorized remote access and configure the IP address and default route (or set up the DHCP client to take care of that).

If you do not use IPsec-protected L2TP, just change the dst-port value from 500,4500 to 1701. The grey part of the other rule is optional - if CHR B has no other purpose, you can omit that.
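Pulling the pieces above together, here is one complete CHR B configuration for the IPsec-encrypted L2TP case, including the basic input-chain protection the post says must be in place first. This is an added example, not the post author's own config. It assumes ether1 is the public-facing interface of CHR B, that x.x.x.x is the upstream gateway, that m.m.m.m is a management host allowed to reach CHR B, and that the L2TP client interface on the LTE device is named l2tp-out1; a.a.a.a and b.b.b.b are the CHR A and CHR B public addresses as in the post.

```routeros
# Added example (not from the original post). Placeholders:
#   a.a.a.a = public IP of CHR A        b.b.b.b = public IP of CHR B
#   x.x.x.x = assumed upstream gateway   m.m.m.m = assumed management host
#   ether1  = assumed public interface of CHR B

/ip address
add address=b.b.b.b/24 interface=ether1

/ip route
add dst-address=0.0.0.0/0 gateway=x.x.x.x

# Basic protection of CHR B itself (chain input): keep established flows,
# allow management only from m.m.m.m, drop everything else.
/ip firewall filter
add chain=input connection-state=established,related action=accept
add chain=input connection-state=invalid action=drop
add chain=input src-address=m.m.m.m protocol=tcp dst-port=22,8291 action=accept comment="management (SSH, Winbox) from m.m.m.m only"
add chain=input action=drop

# Only the relayed L2TP/IPsec flows may transit CHR B (chain forward).
# The forward chain sees the packet after dst-nat, so it matches on a.a.a.a.
add chain=forward connection-state=established,related action=accept
add chain=forward connection-state=invalid action=drop
add chain=forward in-interface=ether1 dst-address=a.a.a.a protocol=udp dst-port=500,4500 action=accept comment="relayed L2TP/IPsec to CHR A"
add chain=forward action=drop

# Relay rules from the post: redirect the client's IKE/NAT-T traffic arriving at
# b.b.b.b to CHR A, and source-NAT it so CHR A's replies come back through CHR B
# (without the src-nat rule CHR A would answer the client directly and the
# connection tracking on CHR B would never see the reply).
/ip firewall nat
add chain=dstnat in-interface=ether1 dst-address=b.b.b.b protocol=udp dst-port=500,4500 action=dst-nat to-addresses=a.a.a.a
add chain=srcnat out-interface=ether1 dst-address=a.a.a.a protocol=udp action=src-nat to-addresses=b.b.b.b

# Plaintext L2TP instead of L2TP/IPsec: use dst-port=1701 in place of
# dst-port=500,4500 in the dstnat and forward rules above.

# On the LTE device (not on CHR B): point the L2TP client at CHR B instead of CHR A.
# The interface name l2tp-out1 is an assumption.
/interface l2tp-client
set [find name=l2tp-out1] connect-to=b.b.b.b
```

The forward-chain rule is deliberately narrow (UDP 500/4500 towards a.a.a.a only), so CHR B cannot be used as a general relay to CHR A; if CHR B has other duties, add the corresponding accept rules above the final drop rather than loosening this one.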