simophin:

 

So your suggestion won't work in the OP's case. There's no way to forward the request to a connection behind the CGNAT. 

 

Did I mention remote forward? You establish connection from home to the VM and the ssh does the port forwarding for you:

ssh -R 80:localhost:80 -R443:localhost:443 root@public_server -NC -g

Note you need to have gateway ports turned on on the server.

If you need UDP you will have to set up VPN but I find ssh so much easier if you only need to do TCP stuff.

Love zerotier too but I find the ssh method much faster, especially with the use of weak/hardware accelerated cipher for the https traffic.

 

You're right, it can be done this way. Or with Zerotier, or Tailscale.

We are getting away from the fundamentals though. The OP needs to balance their knowledge/willingness to run a VM, maintain it updated, etc. Or investigate the reason why using wireless - is it fibre not an option?

There are things that we would need to know before giving one solution - as it sits at the moment it can be done in a variety of ways but we don't know for sure which one is best for the OP. I hope we will find out more soon.