Don't open any ports in your router to forward RDP to the inside. Port will be scanned, found and exploited in no time. Always keep attack surface minimal. For starters, keep only one UDP port open, that for VPN. I got a couple systems on the internet that I watch very closely and not a minute in the whole year goes by where I am not scanned or attacked.
For that you need a firewall with VPN capabilities, I prefer OpenVPN. Computer in the field connects to that and is pushed a network route to the internal network, over VPN. Then you can securely access your stuff.
If you have never done this you are looking at a steep learning curve and about 4 weeks investment to get from understanding word salad to first good working VPN. In the case of OpenVPN, do not stop before you learned why tls-auth or tls-crypt is necessary as added protection, and have implemented it.
Download and install the server package for os of choice. Download and install the client for os of choice on clients.
Setup a dynamic dns pointer to use, and make sure that you forward one of the softether ports to the server from your router/firewall. 443 is likely not blocked by your provider.
I forward the Wireguard port from my Telekom router to a gl.Inet Router (up from 30 Euro/$) where I enable the Wireguard VPN server. This is ultrafast (propably the fastest vpn protokol) and ultra easy to setup (just enable and copy the client passphrase over to a Wireguard client).
After connecting, a laptop or smartphone via a DynDNS hostname (provided by gl.inet) behaves like it would do on your lan directly. You can securely use smb or rdp or any other way to access home lan devices. When using an open insecure hotel wlan, everything is encrypted over your home internet access,
I use an AX 1800. Today I would buy the 1300 due newest Openwrt support with features like Mesh,
Table of Hardware This is the main Table of Hardware, listing all devices that are supported by OpenWrt. ---------- Using the Table of Hardware * Sort the columns by clicking the column header * Enter your filter criteria in the white fields