Proxy ssh for only 1 server

Hi there, thanks for your time.

I can reach a webserver hosted home with a VPN and manage it.
I want to give access to few users to the SFTP service.I use Freefilesync (which I raccomend for sync and backups) and I don’t see the opportunity to pass further options with the ssh like ProxyCommand
First question is:
Share vpn setting + direct sftp access VS open port 22 (or any other to choose) to internet?

My feelings tell me to open one extra port and use a reverse proxy. What is the community suggestion?

Reading the beginning of the haproxy howto nicely done it seams featible to organize it but I’m not an haproxy expert plus I’m using OPNSense where I have a GUI to set it up.
I understand I have to use the TCP mode but it is unclear how I can pass the credentials to the server or how haproxy grant access on behalf of the actual server

I checked online with little luck because most of similar questions use tunnelling or extra SSH options

can someone give me some hints and directions?