For Dave from Greenhaven, I still think TailScale.com would be the least hassle. It would deal with the NAT router issues (shared IP address), would encrypt traffic between the 2 Macs, and make it simple to just use built-in macOS Screen Sharing.
I get the impression that Dave from Greenhaven works in a small business, or has his own small business, and does not work for a Fortune 500 company. So setting up a VPN server at work would be a big hassle. That is why TailScale.com would be ideal for Dave, as it would give him the benefits of a VPN, without the hassle of setting up his own VPN server.
On a personal note, I do work for a Fortune 500 company, and we have to use the Cisco AnyConnect VPN client to access work. Before I started working from home full time, I would the same things Luis does. My work Mac had a corporate IT assigned fixed IP address with a corporate assigned domain name.
I would use Cisco AnyConnect to connect to work, then Finder -> Go (menu) -> Connect to server-> vnc://corporate.assigned.domain.name
But I do not think Dave has that luxury, and has to be his own IT guy.
The other approach, if Dave can ssh into his work Mac, is to set up a VNC tunnel.
ssh -L 59022:localhost:5900 address.that.connects.work.mac
Then Finder -> Go (menu) -> Connect to server-> vnc://localhost:59022
The fun part is making the ssh connection.
For my Macs at home and when connecting to my Mom’s Mac, I have to configure my home router to port forward a high numbered port to the inside the house Mac’s ssh port 22. Then I can use an ssh tunnel
ssh -p high-numbered-port -L 59022:localhost:5900 home.router.ip.address
And the Connect to server -> vnc://localhost:5900
to make life easier, get a free dynamic DNS name from No-IP.com, but that then requires running software in the destination Mac to to keep the dynamic DNS name up to date if the ISP assigned IP address changes.
All in all, TailScale.com is much easier to setup and operate for a small business or user that needs to “Phone Home” while away.