You have two good choices.
1. Wireguard: Where one router will act as the server and the other two routers will connect to the single (server for handshake) router. The two client routers will be able to see each other via the primary router. All subnets will be available based on allowed firewall rules, Ip routes for the subnets and proper allowed IP settings. Remote single users can wireguard into the primary router and reach all subnets and all routers for config purposes, based on the permissions you set.
In other words, this is like adding a vlan which comes under ROS rules for routing L3 traffic and Firewall rules.
Note1: Completely self-contained within your routers.
Note2: What I would also do is establish a secondary wireguard connection between the two secondary routers, in case the primary went down for any reason and you still wanted to be able to have the two routers see each other and for road warriors to connect to the routers for config purposes or to visit subnets, etc...
2. Zerotier: Allows one to stitch together all your subnets as if they were on the same subnet, L2 connection. Great for multicasting etc but harder to separate out users from each other as its one happy LAN.
Note; Relies on zerotier servers (third party).
1. Wireguard: Where one router will act as the server and the other two routers will connect to the single (server for handshake) router. The two client routers will be able to see each other via the primary router. All subnets will be available based on allowed firewall rules, Ip routes for the subnets and proper allowed IP settings. Remote single users can wireguard into the primary router and reach all subnets and all routers for config purposes, based on the permissions you set.
In other words, this is like adding a vlan which comes under ROS rules for routing L3 traffic and Firewall rules.
Note1: Completely self-contained within your routers.
Note2: What I would also do is establish a secondary wireguard connection between the two secondary routers, in case the primary went down for any reason and you still wanted to be able to have the two routers see each other and for road warriors to connect to the routers for config purposes or to visit subnets, etc...
2. Zerotier: Allows one to stitch together all your subnets as if they were on the same subnet, L2 connection. Great for multicasting etc but harder to separate out users from each other as its one happy LAN.
Note; Relies on zerotier servers (third party).
Statistics: Posted by Mesquite — Wed Feb 07, 2024 2:01 am