Without having too much knowledge in proxys: Especially since NATs are so widespread, I think, you’d need something like tailscale/Nebula/ZeroTier (or simply some Wireguard connection) for this.
A service like tailscale will solve the connection to your home net automagically. You are however stuck without routing from friend-net so you cant access homenet devices directly
You can solve this by setting up a reverse proxy like caddy on your raspi, and access home-net web-apps and services through that. Like [assigned-friendnet-ipaddress]:8444 or similar.
The reverse proxy would forward this to homenet devices through the tailscale vpn
Agree on Wireguard. It is faster, more stable and most likely more secured than SSH. And it will work with any application (no per-application configuration required).
Without a third party tunneling service, you will need to expose a port in any case (you can setup port-knocking if you want to).
Without having too much knowledge in proxys: Especially since NATs are so widespread, I think, you’d need something like tailscale/Nebula/ZeroTier (or simply some Wireguard connection) for this.
A service like tailscale will solve the connection to your home net automagically. You are however stuck without routing from friend-net so you cant access homenet devices directly
You can solve this by setting up a reverse proxy like caddy on your raspi, and access home-net web-apps and services through that. Like [assigned-friendnet-ipaddress]:8444 or similar. The reverse proxy would forward this to homenet devices through the tailscale vpn
Agree on Wireguard. It is faster, more stable and most likely more secured than SSH. And it will work with any application (no per-application configuration required). Without a third party tunneling service, you will need to expose a port in any case (you can setup port-knocking if you want to).