SoftEther VPN has a solution. SoftEther VPN Server has the built-in Dynamic DNS and NAT Traversal functions. Static IP addresses are no longer required to set up VPN Server. Even global IP addresses are no longer required. SoftEther VPN Server can be set up on the private IP address behind the NAT.
Legacy IPsec-based or OpenVPN-based VPN Server cannot placed on behind the NAT, because VPN Clients must reach to the VPN Server through the Internet. Some NATs can be configured to define a "DMZ" or "Port-mapping" to relay any packets toward the outside IP address of NAT to the internal VPN Server. However it has a compatible problems. Moreover it requires a special permission by the administrator of the NAT. If your network administrator of the corporate are not cooperative to you, he hesitates to set up the NAT device to open a hole from the Internet.
Unlike legacy VPNs, SoftEther VPN Server can be set up on a private network behind the NAT. No special configuration on the NAT device is required. You need no permission by your network administrator of the NAT. The built-in NAT Traversal Function opens a "Punched Hole" on the NAT or firewall. When the VPN Client or VPN Bridge attempts to connect to your VPN Server behind the NAT, the connection packets will be lead through the hole. The hole is created by the SoftEther VPN Server automatically, so you need nothing special on the NAT.