How to Configure Secure Connectivity between Multiple Subnets
I have the following setup:
2 x Linode VPS
1 x lab (physical) running 4 VPS
My goal is to make it so all nodes act as if they are on the same LAN.
This will allow me to alter iptables rules to allow only local traffic,
versus having to add a new iptables entry for EVERY server which needs
access to a port on the target node.
I have done some preliminary research and testing and can't quite seem to
figure out the best solution for what I am trying to accomplish. I have
been practicing with two of my lab VPS, which reside on separate subnets,
before I start configuring the actual production VPS.
The lab machine has two physical NICs: eth0 and eth1. eth1 is set up as a
bridge to provide virtual NICs to the VPS.
Setup is as follows:
service-a-1 (physical node):
eth0: 192.168.0.1
eth1: br0
br0: 192.168.0.2
service-a-2 (vps):
eth0: 192.168.0.3
eth0:0 10.0.0.1, 255.255.192.0
eth0:1 10.0.1.1, 255.255.192.0, gw 10.0.0.1
service-a-3 (vps):
eth0: 192.168.0.4
eth0:0 10.0.64.1, 255.255.192.0
eth0:1 10.0.65.1, 255.255.192.0, gw 10.0.64.1
I use the 192.168.0.x IP addies to connect to the VPS, but the 10.0.x IP
addies to practice connecting subnets. My goal with the above design is to
establish a secure tunnel between service-a-2 and service-a-3 by way of
their gateway IPs, 10.0.0.1 and 10.0.64.1, respectively. Then, for all
other nodes in each subnet, use the gateways for which a tunnel is
already established, so I don't have to keep creating a new tunnel for every
node on either subnet.
To test connectivity I have been using: ping -I 10.0.1.1 10.0.65.1, which
should emulate communication between node1 on subnet1 and node1 on
subnet2.
I tried to follow the instructions outlined in this tutorial as it seemed
pretty straightforward, but after reading other posts, I'm not sure it's
actually encrypted, as the mode is set to 'gre'. But after reading some
information on using OpenSSH, it seems that a new connection is required
for every node on the subnet, vs. establishing a single connection between
the two gateways.
After more searching around I came across an article provided by Linode
which looked promising, but in the first few paragraphs it mentioned that
OpenSSH is the preferred method (over OpenVPN) to accomplish what I am
seeking to do.
So my question is a two-parter:
Is my logic valid for trying to connect subnets with one another?
(Establish a tunnel between gateways, then assign gateway to each node on
the subnet)
What is the preferred method of establishing a tunnel between two gateways
to be shared by X number of nodes within their respective subnets? Using
Linux route, OpenSSH, OpenVPN, or something else?
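As an added example that is not part of the original post: a small longest-prefix-match route simulator over the addressing plan above (10.0.0.0/18 and 10.0.64.0/18, i.e. mask 255.255.192.0), used to check whether `ping -I 10.0.1.1 10.0.65.1` has a forwarding path in both directions when only the two gateways, 10.0.0.1 and 10.0.64.1, share a tunnel. The tunnel interface name `tun0` and the per-host route layout are assumptions; the function also exposes the usual failure mode, a gateway that forwards outbound but lacks the return route, which makes the ping one-way.

```python
from ipaddress import ip_address, ip_network

# Per-host routing tables: (destination network, next hop | "direct" | "tun0").
# Addresses and /18 masks come from the post; "tun0" and the route layout are
# assumptions made for this example.
ROUTES = {
    "10.0.1.1":  [("10.0.0.0/18", "direct"), ("0.0.0.0/0", "10.0.0.1")],   # node, subnet 1
    "10.0.0.1":  [("10.0.0.0/18", "direct"), ("10.0.64.0/18", "tun0")],    # gateway service-a-2
    "10.0.64.1": [("10.0.64.0/18", "direct"), ("10.0.0.0/18", "tun0")],    # gateway service-a-3
    "10.0.65.1": [("10.0.64.0/18", "direct"), ("0.0.0.0/0", "10.0.64.1")], # node, subnet 2
}
# Which gateway sits at the far end of tun0 (constructed: one tunnel, two peers).
TUNNEL_PEER = {"10.0.0.1": "10.0.64.1", "10.0.64.1": "10.0.0.1"}


def lookup(host, dst, routes=ROUTES):
    """Longest-prefix match of dst in host's table; returns the next hop or None."""
    best = None
    for net, via in routes.get(host, []):
        n = ip_network(net)
        if ip_address(dst) in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, via)
    return best[1] if best else None


def path(src, dst, routes=ROUTES, max_hops=8):
    """Follow next hops from src to dst. Returns the list of hosts traversed,
    or None if some host on the way has no route (e.g. a missing return route)."""
    hops, cur = [src], src
    for _ in range(max_hops):
        if cur == dst:
            return hops
        via = lookup(cur, dst, routes)
        if via is None:
            return None
        if via == "direct":          # dst is on a directly attached subnet
            nxt = dst
        elif via == "tun0":          # hand the packet to the tunnel peer
            nxt = TUNNEL_PEER[cur]
        else:                        # ordinary next-hop router
            nxt = via
        hops.append(nxt)
        cur = nxt
    return None


if __name__ == "__main__":
    print("forward:", path("10.0.1.1", "10.0.65.1"))
    print("return: ", path("10.0.65.1", "10.0.1.1"))
```

Dropping the `10.0.0.0/18 via tun0` entry from 10.0.64.1 leaves the forward path intact but makes `path("10.0.65.1", "10.0.1.1")` return None, which is what a silent ping timeout looks like on the wire.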