on Mikrotik L2TP + IPsec server, on a laptop from home \ business trip, etc. standard L2TP+IPsec client. You do not need to forward anything additionally, you will connect directly to the working network.
Here, for example .

In order to avoid crooked blocking (for example, in resorts) - it's probably worth looking in the direction of SSTP - no admincheg will block port 443.
Mikrotik quite knows how to do this regularly in a couple of clicks.

If 1C is used in file mode and documents will be edited directly on the ball, then RDP is better. It will be more reliable for files when the connection is broken. In addition, it is easy to work from smartphones and tablets, which also happens sometimes.
And VPN is better to hang up on port 443, as they wrote earlier. In hotels abroad, ports are often whitelisted and vpn is not included there.

I to myself have simplified the task in approximately a similar situation.
I took a VPN with a white ip from vp-next.com. This is essentially the same VPS, only already pre-configured, with a vpn server (softether). Of course, you can do it yourself, but it's easier that way. Again, there is no need to monitor security and nothing shines openly on the Internet. The server is connected to this vpn and the director with the accountant connects from anywhere. For them, this server is obtained as in the internal network. Bypass blocking - a bonus.
The price is the same as VPS for rent.
Here they have an article https://vp-next.com/remote-pc-connection/ about connecting via vpn. There is certainly more water. But even so, everything is clear and simple. I also connect managers from time to time when on a business trip or when someone is sick.

I can recommend hydemyname. Good and relatively cheap vpn. The most thrill for me is that any applications go through a VPN, and there is also the ability to connect 5 devices at once. In the current situation, a very good option. If you also sign up using my link, it will be super. https://hidemy.name/#623cc3f4de403