Your are welcome!
I guess it would even be better if your RMS VPN solution could please support Layer 2 functionality - see this discussion: broadcast search layer 2
In that way, PLC guys could reach any device physically connected to the RUT’s LAN. Keep in mind fresh SIMATIC PLCs do not have a IP adress at all.
I know that other solutions like “HMS Netbiter” optionally support this feature - they call it “Allow Bridging”.
BR
Rolf