If your goal is to make things simple, this isn't the answer. You're going to end up with lots of "sort of works together" software, all of which will need patching and will occasionally just stop working.
For not many dollars, and a lot less time investment you can use something like logmein remote which will give you nearly always reliable, and secure remote access to the machines. You can even set it up so no one needs to be at the remote machines for you to log in. As long as the machine is booted, you'll be set.
I've used logmein (paid) and it's nearly flawless.
As for monitoring all the URLs your son accesses, you could probably set up a proxy server on the local machine that emails you the URLs daily. But the option of routing the traffic back to your machine via a VPN is just a solution looking for a problem. If^h^hwhen something goes down, you'll be busy rebooting ever bit of hardware along the way.
Good (or just practical) engineers remember... keep it simple stupid.