
I can't replace/reconfigure the router I'm behind right now, so I set up a WireGuard VPN. A $5/mo DigitalOcean droplet is the "hub", which then has point-to-point connections through WireGuard to each of my devices. They all get their own IP addresses through the network—I used the 10.101.101.0/24 subnet for memorability—and since I manually allocate IP addresses, I can actually remember which one is which! Then they can talk to each other through the VPN, and if anything wants to be accessible from the public internet, Nginx on the DO droplet reverse proxies to it. My favorite advantage is that my phone/laptop always have access to my devices at home, even when roaming. Plus, in theory, I could relocate any device to another network with no downtime except the time it takes to physically move it and plug it back in—I haven't tested this yet.

The one downside I've encountered so far is that I often have devices sending traffic from home network -> droplet -> home network, since they "don't know" that they're actually on the same local network, and exclusively communicate through the VPN. My ping to DO's datacenter is low enough that this hasn't really bothered me, though.
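The hub-and-spoke layout described in the comment above, sketched as an added example that is not part of the original comment or the commenter's own configuration: a small generator that turns a manual address table into wg-quick style configs. The hub address, endpoint, port, keepalive value, device names and key placeholders are all assumptions; only the 10.101.101.0/24 subnet comes from the comment.

```python
import ipaddress

SUBNET = ipaddress.ip_network("10.101.101.0/24")  # subnet named in the comment
HUB_IP = ipaddress.ip_address("10.101.101.1")     # assumed hub address
HUB_ENDPOINT = "hub.example.net:51820"            # placeholder endpoint and port

# Constructed allocation table: device -> (VPN address, public key placeholder)
DEVICES = {
    "laptop": ("10.101.101.10", "<LAPTOP_PUBLIC_KEY>"),
    "phone": ("10.101.101.11", "<PHONE_PUBLIC_KEY>"),
    "homeserver": ("10.101.101.20", "<HOMESERVER_PUBLIC_KEY>"),
}

def validate(devices):
    """Reject addresses that are outside the subnet, reserved, or duplicated."""
    seen = {HUB_IP: "hub"}
    for name, (addr, _key) in devices.items():
        ip = ipaddress.ip_address(addr)
        if ip not in SUBNET or ip in (SUBNET.network_address, SUBNET.broadcast_address):
            raise ValueError(f"{name}: {ip} is not a usable host in {SUBNET}")
        if ip in seen:
            raise ValueError(f"{name}: {ip} already allocated to {seen[ip]}")
        seen[ip] = name
    return seen

def hub_config(devices):
    """Hub side: one [Peer] per device, each pinned to a single /32, so a
    device's key is only accepted for traffic from its own allocated address."""
    validate(devices)
    out = ["[Interface]", f"Address = {HUB_IP}/{SUBNET.prefixlen}",
           "ListenPort = 51820", "PrivateKey = <HUB_PRIVATE_KEY>"]
    for name, (addr, key) in devices.items():
        out += ["", f"# {name}", "[Peer]", f"PublicKey = {key}", f"AllowedIPs = {addr}/32"]
    return "\n".join(out) + "\n"

def device_config(name, devices):
    """Device side: the hub is the only peer and carries the whole VPN subnet."""
    validate(devices)
    addr, _key = devices[name]
    return "\n".join([
        "[Interface]", f"Address = {addr}/{SUBNET.prefixlen}",
        f"PrivateKey = <{name.upper()}_PRIVATE_KEY>", "",
        "[Peer]", "PublicKey = <HUB_PUBLIC_KEY>", f"Endpoint = {HUB_ENDPOINT}",
        f"AllowedIPs = {SUBNET}", "PersistentKeepalive = 25"]) + "\n"

if __name__ == "__main__":
    print(hub_config(DEVICES))
    print(device_config("phone", DEVICES))
```

For devices to reach each other through the hub, the hub also needs IP forwarding enabled (`net.ipv4.ip_forward=1` on Linux). Because every device lists only the hub as a peer, traffic between two devices on the same LAN still takes the home -> droplet -> home path the comment mentions.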



Not as popular as WireGuard, but Tinc VPN is a mesh VPN where each client is also a node. I've got it running on my actual router (pfSense), so my phone will then attempt to connect to the router node when I'm on my home network so any connections will stay in my home network. And then for everything external I can have it go through a VPS (or multiple) like you.



