Unfortunately, this method is only the "cheap fix" by basically hiding the network connections, but they still are accessible. This might be good enough for what you are needing to, but if you are in any way required to follow HIPAA compliance, or have any kind of sensitive data (customer credit card, personal, or financial information, or employee records) then you have to do something different as this simply isn't actually fixing the problem. It's like putting a newspaper over the dog's mess.
If you need to set up multiple networks and VLANs, then you need to properly segment things out and use access controls or a firewall access rule to allow or deny traffic between network VLANs. I'd also recommend looking into what it would take to set up a site-to-site VPN tunnel instead of having both of the two computers connect through VPN simultaneously to your home office. Not only is this often less secure, but it uses up more network resources and can be harder to administrate. Even a simple Sonicwall TZ 105 is capable of running up to four separate internal networks or VLANs, and multiple remote-to-site or site-to-site tunnels. Additionally, you can specifically set VPN traffic to allow access to only specific VLANs if you want.
Here is how I would recommend doing it.
Set up your computers that do NOT connect to the home office in VLAN101:
Default Gateway: 192.168.1.1
Subnet Mask: 255.255.255.192
Network Range; 192.168.1.2 - 62
Next set the computers that DO need access to the home office through VPN to VLAN102:
Default Gateway: 192.168.1.65
Subnet Mask: 255.255.255.192
Network Range: 192.168.1.66 - 126
Then set your printers and servers to a third shared VLAN103:
Default Gateway: 192.168.1.129
Subnet Mask: 255.255.255.192
Network Range: 192.168.1.130 - 190
In your router or firewall, you will block all network traffic originating from VLAN101 to VLAN102, and block all traffic originating from VLAN102 to VLAN101. However, allow all traffic from VLAN101 and VLAN102 to go to VLAN103 and vice versa. This will allow your separate VLANs to securely communicate to ONLY the right shared devices without actually communicating to one another. Then, if you set up your VPN rules properly you can restrict all VLAN traffic to only the VLAN102 network.