I'm struggling a bit with my setup and need some help.
I manage a group of clients who all have an IPsec tunnel to a business. They're all given a /30 range and connect to 10.0.0.0/8. I've set them all up with a Hex S and they are all behind their ISP routers. I have no control on the business side of this connection, so when issues pop up or we need more tunnels, I'm at their mercy. Due to their setup I also have no way of connecting from one client to another through the tunnels. As a result I've set up an outside "Management Router" that all the Hexes connect to, also using IPsec tunnels from their /30 range to 10.1.1.0/24, through which I can access them and their attached computers.
We've recently decided to expand the scope of this management tunnel and I'm having trouble figuring out the best way of handling it. For starters we have other networks attaching to it on different subdomains (instead of the 10.1.1.0/24 subnet they're on the 192.168.1.0/24 subnet). We also want to set up the Management Router as a backup connection to the Business; in case their direct connections fail, this should take over.
Ignoring my existing solution of using IPsec tunnels with multiple policies, what's the proper way of setting this up? Tunnels? L2TP? GRE? Using RIP/OSPF? A lot of technologies I'm vaguely familiar with but don't have enough experience to choose between or implement.
Thanks in advance.