At two separate locations you have access to, a site-to-site VPN is the best. One side should have a static public IP or it will be a pain to reconnect. wg and OpenVPN have easy-to-work-with config files. There are outdated encryptions available, so you should research the ones to use. For OpenVPN you can offload to AES-NI with specific stream ciphers on Intel, which takes away the CPU cost, but OpenVPN is generally limited to 100-300Mbs. wg uses the CPU but it can do 1Gbs+ due to having newer, faster ciphers. Some routers have good implementations that take all the legwork out. pfSense is one and I'm sure there are others. You must mirror on both sides to get the ez mode s2s. You can DIY but must know how to set up routing, fw, forwarding, and the client/server. The big caveat with s2s is you can't have any overlapping CIDR ranges, which can be a dealbreaker if you have a lot of stuff set up that's difficult to change.
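An added example, not part of the original post: a pre-deployment check for the overlapping-CIDR caveat that, when the two sites are clean, renders the mirrored WireGuard `[Peer]` sections with only the side lacking a static IP dialing out. The subnets, endpoint and key placeholders are constructed for illustration.

```python
import ipaddress
from itertools import product


def find_overlaps(site_a, site_b):
    """Return (a, b) pairs of subnets that collide between the two sites."""
    nets_a = [ipaddress.ip_network(n) for n in site_a]
    nets_b = [ipaddress.ip_network(n) for n in site_b]
    # overlaps() also catches containment, e.g. a /24 inside the other side's /16
    return [(str(a), str(b)) for a, b in product(nets_a, nets_b)
            if a.version == b.version and a.overlaps(b)]


def peer_section(remote_lans, remote_pubkey, endpoint=None):
    """Render the [Peer] block one side uses to route to the other side's LANs."""
    lines = ["[Peer]",
             f"PublicKey = {remote_pubkey}",
             "AllowedIPs = " + ", ".join(remote_lans)]
    if endpoint:
        # Only the side without a static IP sets Endpoint; the keepalive
        # holds its NAT mapping open so the static side can reach back.
        lines += [f"Endpoint = {endpoint}", "PersistentKeepalive = 25"]
    return "\n".join(lines)


def plan(site_a, site_b, a_endpoint):
    """Refuse to build a tunnel plan if any range overlaps; else mirror both sides."""
    overlaps = find_overlaps(site_a, site_b)
    if overlaps:
        raise ValueError(f"overlapping ranges, renumber one side: {overlaps}")
    return {
        # Key values are placeholders, not real keys.
        "site_a": peer_section(site_b, "<SITE_B_PUBLIC_KEY>"),
        "site_b": peer_section(site_a, "<SITE_A_PUBLIC_KEY>", a_endpoint),
    }


if __name__ == "__main__":
    # Constructed sample networks; 203.0.113.10 is a documentation address.
    a = ["192.168.1.0/24", "10.10.0.0/16"]
    print(find_overlaps(a, ["192.168.2.0/24", "10.10.20.0/24"]))
    for side, conf in plan(a, ["192.168.2.0/24"], "203.0.113.10:51820").items():
        print(f"# {side}\n{conf}\n")
```
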