Sonoma problem: no longer able to use vnc through tunnel on private network
The configuration I used in the past 10 years or so was OK until I upgraded to Sonoma. I don't know what to do to make it work again.
Here is the configuration:
>macmini@work on public network
>macmini@home on private network
Both with screen sharing enabled. The commands I use are the following:
```
ssh -Nfn -L 5901:127.0.0.1:5900 myusername@xxx.xxx.xxx.xxx
open vnc://localhost:5901
```
Where xxx.xxx.xxx.xxx is the IP address of my work macmini (or the router IP when I connect from work -> home). From home everything is OK as usual (I need to use a tunnel because there is a firewall blocking port 5902) and I connect to my work macmini.
The other way around (work -> home) doesn't work anymore. The tunnel is OK but I can't connect (and it's not an authentication problem because my connection is blocked before the usual authentication box appears).
The error I get is a generic "localhost connection failed", and then it gives some suggestions on enabling screen sharing or remote management.
Additional information: the router configuration is ok (the router is in the DMZ zone and the SSH port is forwarded to my home macmini and I can connect to my home macmini via ssh) and both macminis have the same sharing configuration. I also tried to enable "remote management" but the problem is the same.
My impression is that the problem is somehow more stringent protection in Sonoma because when I enable "screen sharing" in my macmini it says that I can connect to the mac using 192.168.0.100 (which is its IP address in the private network) or by its name. The vnc connection however arrives through the tunnel and uses a different name (I tried both using localhost and 127.0.0.1 but the error is the same). The other way around (home -> work) works because I'm using the public IP address which is reported in the "screen sharing" allowed IP address to use to connect.
So the question is: is there anybody that had the same problem? How did you solve it? How can I control what allowed IP/NAME can connect to the macmini vnc server?
And finally: what other option do I have if I can't connect to my macmini@home through a tunnel? Of course I don't want to pay 90$ for the Apple Remote Desktop app.
Asked by Attilio
(21 rep)
Jan 27, 2024, 11:36 AM
Last activity: Apr 11, 2025, 06:08 PM