can this help you → http://www.techguyfrombelgium.com/en/vpn-port-redirection/

Yes it's a good start, Thanks! 

Two questions:

1) how do I configure this? 

2) will the normal wifi internet still be available after this configuration? 

1) how do I configure this? 

through the bbox3 its Graphical User Web Interface (GUI), by surfing to http://192.168.1

(or direct link to the map portmzpping → http://mymodem/7.3.8/gui/tpl/src/access/nat.html)
(log in there as User with the User password, which is on a sticker of your bbox)

> “create new port map”

2) will the normal wifi internet still be available after this configuration? 

Yes

Thanks buddy this is super helpful! 

Question: instead of this rather complicated configuration, can I just change firewall level from "medium" to "low"? 

Manually configuring the Port mapping you've shared is too much for me I'm afraid.

Thanks a lot 

A firewall level medium is better than low. It is very simple. 
The security of a computer depends mainly of the user, of what you do with a computer. Downloading music can be dangerous if it is not legal. Same remark for films, games, ..  Writing a letter to your Mother is not dangerous. It depends also of the operating system. I use Linux and I am not in danger. Virusses and malware are mainly produced for Windows. 
if you have a PC connected to the modem and if this PC has a very good firewall you can change to low on the modem. 

Yes you can do this, the difference between the two is the following:

• Low: All connection attempts coming from the WAN or initiated from the LAN are permitted
• Medium: All connection attempts coming from the WAN are rejected with the exception
  of those that have been authorized through port forwarding, DMZ or remote access configuration.
  All Services initiated from the LAN are permitted.

Thanks buddy!