I am not entirely sure what there is to say so I reckon I will waffle, if you get something out of it then great.
Some say VPN and some say tunnel and I probably would opt for the latter (if nothing else you can do fun things to work around a lot of blocks- DNS tunneling for instance still kind of works in a lot of cafes, hotels and things that redirect you as soon as you try to look at an external page*). Trouble is I otherwise have VNC and ssh terminals and frankly I am a few years out of schools and any networks that are not my own I probably have unfettered access to anyway so I rarely have to think around problems like you and Satangel seem to be facing. That said windows remote desktop (it is kind of secure but I can not bring myself to have remote desktop facing the internet) is not bad and having your own printer and network shares is nice so VPN might not be all that pointless (and more if you use a lot of web interfacing software).
*these sorts of places will often allow you to do a DNS request- wouldn't you know your traffic consists entirely of DNS requests in the order of full bandwidth.....
SSH on linux (not sure about macs) is trivial as it is probably there from the get go, SSH on windows is pretty poor although you can get some stuff done if you really want (copSSH has treated me fairly well*). Although there are kinds of VNC on linux the proper method is usually seen as SSHing into your machine and running a local X server (and windows has an option in things like xming). Most good SSH setup guides will cover how to generate keys (passworded SSH is nice and all but keys are definitely where it is at) and use of pageant. SFTP comes as a nice perk to a lot of SSH options as well.
*if you are going to do windows SSH I highly recommend a fairly tricked out copy of cygwin be installed (copSSH kind of demands it) and nircmd (
http://www.nirsoft.net/utils/index.html#commandline_utils ) as well as many other things there is pretty useful to have.
Depending upon how you view it though it can be nice to have multiple methods of ingress; very little is worse than sitting at a remote location and watching your sole VNC program crash or have a connection error out and you then have no method of getting back in (worst case scenario I SSH in and force a reboot).
You probably already forwarded ports, whether you want to do triggered ports or timed/rotating ports (assuming you have a nice enough firewall to pull that off) I leave to you.
You say you have a dynamic dns account already, I like to flank mine with a full domain somewhere (stick a cname for a given subdomain to your dynamic DNS) and it has implications for some of the more hackish options as well (tunneling over a protocol).
Frankly though teamviewer is where it is at for the most part and it even has better options for mobile devices; TightVNC has a some paid software ports to IOS and such but not as nice as teamviewer (which is also free). What VNC I use varies with use (some aspects of tightvnc have some interesting abilities like network driven third screens) but a secured (as in optional encryption plugin) ultravnc is my usual jumping off point, I should note I quite often get false positives from AV scanners when I plug various USB drives of wonder in on client computers and it has ultravnc on there (you can do things like send a prebaked ultravnc to a custom and have them call your machine back up with it and you control theirs which troubles some AV programs).