Setting up a VPN between exclusively two machines would do the trick mostly. Note, however, that if a malicious user compromised the client, they'd still get unfettered access to the whole file system of the server -- whereas with NFSv4, they'd only get access to the files accessible by the Kerberos principal of the client.

Also, when I wrote this, I was thinking about the use case of a home network: running a VPN within such a network sounds really strange, but such a network is full of less-than-trustable IoT devices and the like.