Just to restate some basic terms that are often misunderstood...
A VLAN (virtual LAN) is a way to segment your internal LAN network into different isolated parts. This is an easy way to ensure certain devices/segments can't communicate with other devices/segments. It generally requires a router/firewall device and network switches that can support VLANs.
A VPN (virtual private network) is a way to build an encrypted tunnel between devices/networks/locations, etc. This is different from a VLAN and does not require a network switch that supports it. It does require a device that can host a VPN "server/service". In our use case, this means self-hosting the "service" (like OpenVPN) on a device on our network. There is no cost to host this service yourself. Many times this is done at the router or firewall level (obviously requires a router/firewall that can support it); however, it can also be hosted by a computer on your network. A self-hosted VPN is generally considered the most secure way to access your local network while remote.
A DDNS (dynamic DNS service) is a way to have a never-changing host name that points to your local network's external public IP address - even if it changes (which is likely if you are using a residential internet provider). There is a part of the system that must be hosted on your local network. Again, it is often done in the router/firewall device, but can be on another device if needed. It will communicate with the DDNS provider anytime your external public IP address changes so that the provider uses the updated address. For example, you might have a host name like www.TheAutomationGuy.dyndns.org that you use to connect with your VPN. That host name will never change even though the actual underlying public IP address might change all the time.
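
Added example, not part of the original post: a sketch of the decision logic a DDNS update client runs on each check, assuming a provider that speaks the dyndns2-style update protocol (`/nic/update` with plain-text return codes). The hostname and function names are hypothetical, and the sample addresses are constructed; the client refuses to publish an address that is not publicly routable, since a host name pointing at a private or carrier-NAT address cannot be used to reach the VPN.

```python
import ipaddress
from urllib.parse import urlencode

# dyndns2 return codes, grouped by what the client should do next.
STORED = {"good", "nochg"}          # provider now holds the address we sent
RETRY_LATER = {"dnserr", "911"}     # provider-side problem; back off and retry
# Anything else (badauth, nohost, notfqdn, numhost, abuse, badagent, ...) needs
# a human to fix the configuration; retrying in a loop risks getting blocked.

def plan_update(hostname, observed_ip, last_published):
    """Decide what to do for one check cycle; returns (action, detail)."""
    try:
        ip = ipaddress.ip_address(observed_ip.strip())
    except ValueError:
        return ("skip", "not an IP address")
    if not ip.is_global:
        # RFC 1918, carrier-grade NAT (100.64.0.0/10), loopback, documentation ranges
        return ("skip", "not publicly routable")
    if last_published and last_published.strip() == str(ip):
        return ("skip", "unchanged")
    query = urlencode({"hostname": hostname, "myip": str(ip)})
    return ("update", "/nic/update?" + query)

def classify_response(body):
    """Map the provider's plain-text reply to the client's next step."""
    words = body.strip().split()
    code = words[0] if words else ""
    if code in STORED:
        return "stored"        # safe to cache the address as last published
    if code in RETRY_LATER:
        return "retry-later"
    return "stop"              # fatal or unknown code: do not keep retrying

if __name__ == "__main__":
    host = "home.example.net"  # hypothetical host name
    # Constructed samples: (address seen on the WAN side, address last published).
    # 8.8.8.8 / 8.8.4.4 stand in for a public address; documentation ranges
    # are deliberately rejected by is_global.
    for seen, last in [("192.168.1.20", None), ("100.64.3.9", None),
                       ("8.8.8.8", "8.8.8.8"), ("8.8.4.4", "8.8.8.8")]:
        print(seen, plan_update(host, seen, last))
    for reply in ["good 8.8.4.4", "nochg 8.8.4.4", "911", "badauth"]:
        print(repr(reply), "->", classify_response(reply))
```

The update request itself is sent over HTTPS with the account credentials; only the path and query string are built here so the logic runs offline.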