Connection between VPN clients
I'm looking for a solution to reach a VPN client from another VPN client, using the ER7412-M2. The situation: I have professional cameras with a remote control option. The control SW works on iPad only. The cameras are connected to a 4G router, and the 4G router is connected using IPSec (IKEv2) LAN-to-LAN to the ER7412-M2. My iPad connects directly to the ER7412-M2 using IPSec (IKEv2) Client-to-LAN. Both sides are using public 4G/5G networks (with NAT), and connect through VPN to the ER7412-M2 without any problem. But it is not possible to reach the cameras from the iPad.
Some additional info: I tried to create a virtual server on the ER7412-M2 and forward the ports to the IP of a camera. It did not work. But if I do the same port forward to an internal IP (a Linux server in the home network) and I make a port forward on that Linux machine too, I can reach the camera from the iPad. So it seems to me that communication between VPN clients is disabled. Is it possible to enable it somehow? Using the Linux machine for the second forward could be a solution, but this way I can control only one camera, since I can't change the ports in the iPad app.
@c-ta From a PC behind the ER7412-M2, can you ping the cameras? Just to show that the Site to Site VPN is functioning between the routers.
Thanks for the reply, @NeilR_M !
Yes, I can ping the cameras from the local network. Everything works fine if the cameras OR the iPad is in the local network. So it works if 1. the iPad is in the local network, and the cameras are connected through the 4G router, using VPN, 2. the cameras are in the local network, and the iPad is connected through VPN. But it does not work if both sides (cameras and iPad) are outside, and connected through VPN. In this case I can't ping the cameras from the iPad, but I can ping all the cameras and the iPad as well from any computer in the local network.
@c-ta When setting up the Site-to-Site VPN between the routers, did you ensure to specify the VPN subnet as well as the LAN subnet when it comes to Local Networks? Please see the screenshot as an example; there are two subnets specified in the local networks, with one of them representing the VPN subnet.
@NeilR_M Well, I do not. I use the "Network" option at "Local network Type", with LAN selected. My local network (LAN) is 192.168.1.0/24. This is not the way? Should I do a separate local LAN/subnet for the VPN at Network/LAN?

You will need to manually specify the subnets with the "Custom" option as above - then you can include anything you want. Other subnets, VPN subnets the router knows about, things upstream of the WAN port... It's much more flexible than "networks", which is gateway interfaces only.
@c-ta As GRL said, please use the custom IP to specify your LANs.
@NeilR_M , GRL, thanks for your helpfulness, much appreciated! Unfortunately it seems I can't understand how to do it :( I also can't see why I do an additional LAN.
This is what I did originally (the closest I could get to my goal):
Network/LAN:
  192.168.1.1/24
IPSec Client-to-LAN (for my iPad):
  Local network: 192.168.1.0/24
  IP Address Pool: 192.168.3.0/24
  iPad gets: 192.168.3.1
IPSec LAN-to-LAN (for remote cameras through the 4G router):
  Local network: 192.168.1.0/24
  Remote Subnet: 192.168.2.0/24
  4G router is: 192.168.2.1
  Camera gets: 192.168.2.193 (from the 4G router)
This way I can ping everything (192.168.3.1, 192.168.2.1, 192.168.2.193) from my computer (192.168.1.83). The only thing I can't do is to reach 192.168.2.193 (or 192.168.2.1) from 192.168.3.1 (camera from iPad).
If I understood correctly, you recommended to create a separate LAN for IPSec LAN-to-LAN. I created 192.168.10.0/24 in the Network/LAN section. Then I added two Local Networks (192.168.10.0/24 and 192.168.1.0/24) with the custom IP option to the LAN-to-LAN IPSec policy. I also changed the remote network to 192.168.10.0/24 in my 4G router's IPSec configuration. In this case IPSec connects, but I can't even ping 192.168.2.1 (4G router) or 192.168.2.193 (camera) from my computer. I can ping 192.168.10.1.
All you need to do is add the IP ranges of your other VPN clients to the VPN.
If, say, you have an IPSec, OpenVPN or L2TP VPN already for remote stuff, let's say you specify you put them on 172.16.0.0/24 in that particular VPN's settings as IP pool, like this

If you want ANOTHER VPN to be able to access those clients for 2-way communication across the VPN, you need to add the opposite VPN pool into Local Networks - Custom, like this

Each VPN needs to have the other VPN's IP pool or Remote subnets included as a Local network.
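The rule in the reply above, checked against the subnets quoted earlier in this thread (an added example, not part of any post and not TP-Link's code): it models policy-based IPsec, where a tunnel only carries a packet whose hub-side address falls inside one of its local networks and whose far-end address falls inside its remote subnet or pool. The `Tunnel` class and the function names are hypothetical, and the ER7412-M2's internal behaviour is assumed to follow this model.

```python
from ipaddress import ip_address, ip_network

class Tunnel:
    """One IPsec policy on the hub router: local networks plus remote subnet/pool."""
    def __init__(self, name, local_networks, remote_networks):
        self.name = name
        self.local = [ip_network(n) for n in local_networks]
        self.remote = [ip_network(n) for n in remote_networks]

    def carries(self, hub_side_ip, far_end_ip):
        # Both ends of the flow must match this tunnel's traffic selectors.
        return (any(ip_address(hub_side_ip) in n for n in self.local)
                and any(ip_address(far_end_ip) in n for n in self.remote))

def hairpin_ok(src_tunnel, dst_tunnel, src_ip, dst_ip):
    # Client-to-client traffic crosses two tunnels. Seen from the source's
    # tunnel the destination is "local"; seen from the destination's tunnel
    # the source is "local". Both policies must accept the flow.
    return (src_tunnel.carries(dst_ip, src_ip)
            and dst_tunnel.carries(src_ip, dst_ip))

def gaps(src_tunnel, dst_tunnel, src_ip, dst_ip):
    # List which policy lacks a local network for the opposite VPN's address.
    out = []
    if not any(ip_address(dst_ip) in n for n in src_tunnel.local):
        out.append(f"{src_tunnel.name}: add a local network covering {dst_ip}")
    if not any(ip_address(src_ip) in n for n in dst_tunnel.local):
        out.append(f"{dst_tunnel.name}: add a local network covering {src_ip}")
    return out

# Addresses as quoted in the thread.
PC, IPAD, CAMERA = "192.168.1.83", "192.168.3.1", "192.168.2.193"

# Original policies: each tunnel lists only the LAN as its local network.
c2l = Tunnel("Client-to-LAN", ["192.168.1.0/24"], ["192.168.3.0/24"])
l2l = Tunnel("LAN-to-LAN", ["192.168.1.0/24"], ["192.168.2.0/24"])

# Policies with the opposite VPN's range added under Local Networks (Custom).
c2l_custom = Tunnel("Client-to-LAN",
                    ["192.168.1.0/24", "192.168.2.0/24"], ["192.168.3.0/24"])
l2l_custom = Tunnel("LAN-to-LAN",
                    ["192.168.1.0/24", "192.168.3.0/24"], ["192.168.2.0/24"])

if __name__ == "__main__":
    print("original:", hairpin_ok(c2l, l2l, IPAD, CAMERA),
          gaps(c2l, l2l, IPAD, CAMERA))
    print("custom:  ", hairpin_ok(c2l_custom, l2l_custom, IPAD, CAMERA))
```

In policy-based IPsec the far-end peer has to agree on the same selectors, so the 4G router's own policy would need the iPad pool as a remote network as well; that side is not modelled here.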
@GRL Got you, it makes sense, but does not work :(
Here is how it looks now. Hope I understood everything correctly. Please let me know if you see any mistake.
Client 2 LAN config:

LAN 2 LAN config:

And how does it look when connected:
