This solution would require the controlr author to be providing a server, which the current solution does not (unless I have misunderstood what you are asking for). If a server is required, how do you know it is secure?
The moment you let ANYTHING from the internet into your LAN there is a potential security risk, but I think OpenVPN is one of the lowest-risk options, particularly if you set it up to require a certificate to use it at the client end.