The remote machine is behind a firewall, but you can create a "port forwarding" rule on your own firewall. You need the lowest latency possible, because you will be running remote screen-control software, and fast interactive feedback is important. You usually connect from a specific house or office with a fixed-line internet connection.
Have the remote machine rendezvous directly with your machine through your IP address and port. You can use a dynamic DNS solution if your internet IP address sometimes changes.
You can also configure a second tunnel that works through a cloud rendezvous server, so that the remote machine is still accessible when you are not at that house or office.
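The ordering described above (direct rendezvous first for latency, cloud rendezvous as fallback) can be sketched from the remote machine's side as follows. This is an added example, not code from the original page or from any particular tunnel product; the endpoint names and the loopback listeners standing in for the two rendezvous points are constructed, and it covers only the reachability choice, not the tunnel itself.

```python
import socket
import time

def probe(host, port, timeout=2.0):
    """Return TCP connect time in seconds, or None if unreachable.

    The name is resolved on every call, so a dynamic DNS update is
    picked up on the next attempt.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:  # refused, timed out, or name did not resolve
        return None

def pick_endpoint(endpoints, timeout=2.0):
    """Try endpoints in priority order; return (name, seconds) or None."""
    for name, host, port in endpoints:
        elapsed = probe(host, port, timeout)
        if elapsed is not None:
            return name, elapsed
    return None

def local_listener():
    """Constructed stand-in for a rendezvous endpoint, on loopback."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv

def closed_port():
    """A loopback port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    direct, relay = local_listener(), local_listener()
    endpoints = [
        ("direct", "127.0.0.1", direct.getsockname()[1]),  # forwarded port
        ("relay", "127.0.0.1", relay.getsockname()[1]),    # cloud rendezvous
    ]
    print(pick_endpoint(endpoints))  # direct endpoint answers first
    direct.close()                   # nobody listening at the office
    print(pick_endpoint(endpoints))  # falls back to the relay
```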