If you control the NAT, you should be able to configure an outward-facing IP address that connects to the desired internal opposite end node address. You may have to use a port number assignment to differentiate VPN packets, much as a mail exchange (MX) packet can be redirected across a firewall.
If your NATted modem is not that flexible, you may be at a loss for doing VPN. But the bottom line here is you must choose how to differentiate VPN packets, readdress them (if needed) and send them inside to the correct internal (10.x.x.x/192.168.x.x private) address.
Bridging is not a concept that plays well with private address spaces because the private address space is what you are trying to keep protected by NAT.
Please give us the answer you adopted so this four year old question can be closed.