Remotely access mac that isn't directly connected to the web?

I have an old laptop that’s running as a home server - it’s got Plex, it’s a Time Machine destination, etc. I’d like to be able to connect to Plex and connect to it via Screen Sharing while I’m away from home. What’s the best way to do this?

There’s a Raspberry Pi on my network that works as a VPN server & Pi-Hole/DNS server for the network so it accepts all incoming SSH connections, (and port 443, since I have my VPN set up to connect to 443 so it is less likely to be blocked). Could I tunnel through the Pi, then have access to the inside of my home network, or is that too much hassle?

I’m a little wary of opening screen sharing ports to the web, but I don’t have any data to back up the wariness, so maybe I should just do that. Do you all do that?

For Plex, I may just forward Plex ports to the Mac. I suspect Plex is secure enough that I can open the Plex ports safely.

I’ve been looking Tailscale to solve a similar problem. This may work for you without having to worry about patching/keys, etc on the Pi.

If you use Screens or Jump Desktop, they both have ‘helper’ apps that will help you connect to your Mac from elsewhere.

I use this across all my machines and it’s wonderful! Subnet router and exit nodes make it even more powerful.

Tunnelling through the Pi would work. You can map the remote Plex port and then it would be like the server is on the local machine.

This is much more secure than enabling Plug and Play or forwarding the VNC port.

Another vote for Tailscale.

Tailscale looks pretty great, thanks @JohnAtl @bolero & @95omega. It may be overkill for what I need at this very moment, but it has the geek in me drooling, and wondering if I can find a way to make airplaying from outside my home to inside my home useful, or at least a good joke

I do use Screens, so the helper @tjluoma may be the quickest solution.

Bit curious, if your pi already runs vpn software, you already are on your home network when connecting. Ssh-ing into your mac or using any other app to screenshare should work out of the box? I re-read your post, just to see if I was missing anything, but cant see why this would be hard?

Pi + VPN = network access, no need for fancy tools to open up ports, screenshare just works, as will ssh into your mac

Am I missing anything?

Update, taking @JKoopmans question into account.

I thought I had set things up to isolate incoming connections to the VPN and just give them internet access, but I tried connecting to the VPN and then connecting, via IP address, to the local server an dit worked, so I guess it’s just all the Bonjour-like/auto-discovery services that don’t work when I’m connected to the VPN.

Also, Plex is using UPnP and making itself available to the internet, so things seem to be working as expected.

Note that this means any malicious software can open ports on your router. It assumes anything on your network is trustworthy. Forwarding just the Plex port is much more secure.