I am not familiar with nextcloud, but generally you are right: VPN is the right solution to give your parents access to services of your network. Just make sure that your VPN server would be accessible from the Internet.
Some people have
private IP addresses, so they can't create VPN server.
Also make sure that their local network has different addresses. If your server happens to have same IP as their router (192.168.1.1 for example) you will be in trouble)
Another approach would be Windows machine with RDP access (I assume they are using Windows), but VPN is better.
Windows only supports IPSec/IKEv2 out of the box. On Linux side you can use
StrongSWAN for IKE, but there is
a free OpenVPN client for Windows.
While IKE is more flexible, it is much more complex and harder to configure and debug. So, install OpenVPN client on Windows and use it
Here are some ideas no how to secure it:
* Use Server Mode instead of p2p (static key) mode. With Server mode OpenVPN implements
Perfect Forward Security: keys are changed automatically.
* If you know your parents IP address, then only allow access to your VPN from their IP (using iptables or something like that).
* Use some random port: not 443 and not 8443. Networks are scanned by robots constantly