One easy way that is used by eg a technical family member to fix somebody's computer remotely, is called teamviewer. No port forwarding required on your router.
There are probably a number of easy ways.
Another way is SSH. And you can VNC through that. Though you'd have to know a bit about SSH.
No port forwarding required on your router.
You can use an intermediary computer.
so let's say you have 2 computers
A and B that want to connect to each other, and now add a third computer, X that is the intermediary.
X could be a VPS. A virtual machine, hosted by some company like digitalocean. That can be set up with some clicks. That has an open port on it, port 22, running SSH.
Now, you connect A to X, and you connect B to X. X is running SSH on port 22. So A and B connect to X with SSH client software. The ssh client software is typically the command ssh.
B should connect to X, with the SSH option that a port should be opened on X, and anything received on that port, should be forwarded to B. This can be done with SSH -R.
A should connect with the SSH option that A shall open a port, and anything received on that port, will be forwarded to that port that B opened on X.
A then connects VNC viewer to A, which goes to X, which goes to B.
That is quite an advanced use of SSH. And SSH is quite a complex tool.
Some pre-requisite knowledge I would suggest is normal use of SSH, by which I mean without -L or -R. Knowing about passwordless login / ssh keys, is good too. Good to know a bit of SFTP in the process just to transfer files from one system to the other. After that, use of ssh -L , then ssh -R with just two computers, no intermediary.
ssh -L and ssh -R are for tunneling. The idea of encapsulating one protocol in another protocol, where the encapsulating protocol is encrypted, or encrypts. And the encapsulated protocol becomes encrypted by the encapsulating protocol.
Technically a person could set up what looks like an HTTPS Server because it runs TLS protocol on port 443, but actually could be a VNC server there encrypted within TLS. So if they were in a university that blocked a lot, the university might allow out traffic on port 443 for people to browser the web. There are programs stunnel and corkscrew that can help with that.
For the sake of learning SSH and use of -L and -R, as pre-requisite knowledge. Part of my answer here mentions those. SSH Tunneling in Layman's term
So now getting back to how to do what you want to SSH.
A.. runs VNC viewer/client.
B.. runs VNC server (the viewed).
X is e.g. a VPS.
B$ ssh -R 40500:127.0.0.1:5901 user@hostX
(that line above has connected B to X, and has opened up port 40500 on X. and anything received there will be forwarded to B's VNC server).
A$ ssh -L 1234:127.0.0.1:40500 user@hostX
(the line above connects A to X. And it has opened up port 1234 on X, and anything received there goes to X and is forwarded to 127.0.0.1:40500)
Then from A, you connect VNC Viewer to port 1234
I've done this very recently.. and the computer where my VNC server is, is in a place with no ISP cable or telephone line. So I have a router with a SIM card in there. (I guess nowadays not only are phones computers, but phone providers are ISPs!). So this router has a SIM card in it. But the connection drops for a moment quite frequently. So I have a bash while loop one-liner, around the SSH command.
B$ while true; do ssh -R ... user@host; done
