you forward the ssh port on the router (most likely called nat - virtual servers) to your linux server, you can do everything else using ssh port forwarding (works in both directions), moreover, many management and remote administration tools in linux imply that they can connect via ssh connection.
in addition, ssh has a regular vpn

Choose a server that will play the role of a bastion (jump host), that is, a server from which you can connect to other servers.
Throw out port 22 (or whatever you chose for SSH) of this bastion or (jump host).
Add your public ssh key to the servers you are going to connect to and disable password authentication.
Connect to the bastion with authentication forwarding (a flag -Aon the regular ssh client so that there is no private key on the bastion), and from the bastion to the server of interest.
In order not to enter a long command every time, describe the connections in ~/.ssh/config
PS
Magic SSH
Reminder to ssh users

Hmm.. Have you considered a VPN?
IMHO - the most convenient option.
OpenVPN is the most popular solution. The Best of the best in everything but speed.
WireGuard is a newcomer, but has already gained a lot of adherents.
They say that WG is faster than OpenVPN, but I didn't notice much difference.
Where m WG wins is in the ease of setup.