An alternative to OpenVPN is zerotier - open source, free for normal use.
Step 1: Administrator
Register and add your first network (mark it private - which is default)
Step 2: Clients
zerotier establishes private Software Defined Networks which is almost foolproof to handle for client device users. Just install the software (mac/win/ios/android/linux/freebsd/certain NAS) and connect to the ID of your in step 1 created network. Thats it for clients - no certificates/no profiles, straightforward and simple.
Step 3: Grant access/remove access
As administrator, you log in to your network's dashboard and grant or remove access to this network for each client you wish to provide it for. Et voilá: no matter where your devices are in the world, they can connect to each other.
When I came across zerotier and tried it for the first time, it has taken me 10 minutes to do all of that and enjoy connectivity from everywhere. Far more simple than any VPN solution I tried. For me, as administrator, and - more important - my clients.The underlying protocols are similar to VPN, so security is granted.
There are more options for admins, f.e. you can setup firewall rules to one of the clients to access the network behind that client. This is, among other stuff, properly documented and not necessarily something you would require. I, f.e., let one of my devices join 2 zerotier networks at the same time. One grants access to the device itself, which is what I use for my family, and the other grants access to the network behind that device as well, which I use for me, the MASTER of my home's network 
