But it would be very bad that I need to connect to all 100+ networks from my phone + laptops simultaneously.
So the question is:
Is it possible somehow to create one Network that would “see everyone” (all members in all groups) ? 10.9.1.10/16, 10.9.1.11/16, ...
If yes, can I block somehow the access to this, so members should not be able to start connections “back to my PCs”, only I should be able to connect to them? (VNC, RDP, SQL)
A lot depends on the design on your networks and the participants. Are these 100 networks made up of distinct sites plus some roaming machines? Or a random collection of machines?
One solution would be to have a single machine connected to all of the networks and use it as a firewall/router between them where you define which networks can talk to which other ones and under what conditions (master network can open RDP connections, but not in the other direction for example).
Or if you’re dealing with specific sites (store1, store2, etc.) and they have a local router that you can install Zerotier on, then you can route to the local networks over a Zerotier network (see: Zerotier & Mikrotik design concept - Infrageeks) for an idea.