Don't open any ports in your router to forward RDP to the inside. Port will be scanned, found and exploited in no time. Always keep attack surface minimal. For starters, keep only one UDP port open, that for VPN. I got a couple systems on the internet that I watch very closely and not a minute in the whole year goes by where I am not scanned or attacked.
For that you need a firewall with VPN capabilities, I prefer OpenVPN. Computer in the field connects to that and is pushed a network route to the internal network, over VPN. Then you can securely access your stuff.
If you have never done this you are looking at a steep learning curve and about 4 weeks investment to get from understanding word salad to first good working VPN. In the case of OpenVPN, do not stop before you learned why tls-auth or tls-crypt is necessary as added protection, and have implemented it.