I have done some more research into this and it seems that we can create a Peer-2-Peer
VPN connection as long as one of the sites has a public IP address.
So the client can be behind the CGNAT but can still call the Server which has a public WAN IP available.
However if both the sites are behind CGNAT, then you have to look at another option like Zerotier or a
VPS serving OpenVPN server etc.