How to release IP cameras to the Internet through 2 Wi-Fi routers and provide everyone with a single address space?

Actually the question is - the
Internet enters the building through a Wi-Fi router (Mikrotik), R1 in the diagram. Clients receive Internet via Wi-Fi and by wire.
One cord goes to another part of the building, a second Wi-Fi router (Mikrotik) is connected to it, R2 in the diagram. IP cameras (Panasonic WV-SW316) are connected to it.
I subconsciously reject the decision when a double NAT translation occurs with all my might, since all sorts of R (M / S) TP protocols will add problems for transmitting a picture.

Task:
1. Get the opportunity to watch cameras through the Internet, with protection from prying eyes
2. Provide Wi-Fi Internet for employees in both parts of the building
3. The local area should be shared - the main R1, the second only distributes the Internet from R1 and provides ports, without routing as such .
As implemented now - on the second router, the link comes to the second port, not "WAN" (default settings, only changed the ip pool and addresses), disabled the DHCP server on it. The cameras themselves are plugged into other ports.
On the first router, an L2TP server was raised, a VPN connection and camera viewing. Is there a better option or is it perfect?
Everything works here, the incompleteness of the solution torments me.
With the second router, the problem is how to rewrite the configs so that it uses all ports as a switch, while letting the Internet into Wi-Fi without any NAT. In fact, the second Mikrotik is needed only as an "extension" Wi-Fi and a switch.