I’d have the clients connect to the central server in a hub-and-spoke VPN topology using something like WireGuard, say.
Use the central host as either a jumphost or configure your personal devices to also connect to it via VPN and have it handle routing so you can connect directly to the clients once you’re connected to the central server.
This is a somewhat standard topology so no need to reinvent the wheel.
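
A sketch of the hub-and-spoke layout described above, as wg-quick configuration; this is an added example, not part of the original post. The 10.100.0.0/24 subnet, the hostname `hub.example.net`, the peer addresses and the `<...>` key placeholders are all assumptions, and the hub is assumed to have `net.ipv4.ip_forward=1` set.

```ini
# ---- hub (central server): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.100.0.1/24
ListenPort = 51820
PrivateKey = <hub-private-key>
# The hub routes between peers. Only the admin device (10.100.0.2) may
# open connections to clients; clients cannot reach each other.
PostUp = iptables -A FORWARD -i wg0 -o wg0 -s 10.100.0.2 -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostUp = iptables -A FORWARD -i wg0 -o wg0 -j DROP
PostDown = iptables -D FORWARD -i wg0 -o wg0 -s 10.100.0.2 -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o wg0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
PostDown = iptables -D FORWARD -i wg0 -o wg0 -j DROP

[Peer]
# personal/admin device
PublicKey = <admin-public-key>
AllowedIPs = 10.100.0.2/32

[Peer]
# client 1; one /32 per peer so a client cannot claim another's address
PublicKey = <client1-public-key>
AllowedIPs = 10.100.0.11/32

# ---- client 1 (spoke): /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.100.0.11/32
PrivateKey = <client1-private-key>

[Peer]
PublicKey = <hub-public-key>
Endpoint = hub.example.net:51820
# Only VPN-subnet traffic goes through the tunnel.
AllowedIPs = 10.100.0.0/24
# Keeps the NAT mapping open so the hub can reach a client behind NAT.
PersistentKeepalive = 25

# ---- personal/admin device: /etc/wireguard/wg0.conf ----
[Interface]
Address = 10.100.0.2/32
PrivateKey = <admin-private-key>

[Peer]
PublicKey = <hub-public-key>
Endpoint = hub.example.net:51820
AllowedIPs = 10.100.0.0/24
```

With the jumphost variant instead, the admin peer and the FORWARD rules are dropped and you SSH to the hub first, then on to a client's 10.100.0.x address.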