...and of the options, I'd suggest a VPN (anything other than PPTP). Proxypass would expose those devices to the wild Internet, and unless they're hardened for such exposure, the potential consequences are unpredictable. SSH tunneling would be secure, but would require specifying a local port unique to each target device (though, on the positive side, it wouldn't require any configuration or contribs on your SME server). A good VPN configuration like OpenVPN is secure, and once you've made the connection from the remote machine, it's like you're on the LAN.