Totally agree with the mentions of Wireguard and Tailscale. They make this super easy. Have done exactly this myself before, for the same use case.
However at the time, i had to change something in the server-properties config file in order for it to work properly. Minecraft servers still authenticate users when hosting yourself (afaik). This however isnt possible over a mesh netowrk like wireguard/tailscale. I simply had to change a boolean value of the line called something like, server-online, or online-mode..
Best of luck!
Linux unplugged (podcast) covered this news pretty well where you get to hear both sides of the case. It's pretty interesting, would defo give it a listen for full story.
@Sunny
@slrpnk.net