This is easy with Linux; I have done this very thing (with a bit more stacked on top of it) between my apartment and a few family members.
For clarification, I do have symmetrical gigabit fiber and one of the remote connections does as well. I do maintain a self-managed centralized connection point in the cloud to avoid messing with dynamic IPs that the WireGuard VPN connects to. Adding a few entries to the routing table on the edge routers allows for the machines to create a VPN link between each connecting device that is shared seamlessly with the LAN connections on the opposite side of the edge routers. Both sides of the network can access anything that is included in the routing tables of the edge and VPN (hub) in order to allow communication across the bridged networks. I restrict this via VLAN tagging through Linux, smart switches for end devices, and firewall rules on the edge routers.
Even mobile devices can become elements of this network as well by connecting to the VPN.
EDIT:
I added a rough diagram, it doesn't include mobile devices but they can be added easily by connecting to the VPN Router in the cloud.
Software and hardware used for this. Granted, you can use DD-WRT to handle the role of the router as well, but configuration and performance will vary.
Hardware:
Edge routers:
ODroid H2+: Each device supports up to 2.5Gig Ethernet on two ports and operates on an x86 Intel Celeron J4115.
Feel free to use pfSense or Linux. I have partnered it with a Samsung 970 EVO Plus and 8GB of RAM.
https://ameridroid.com/products/odroid-h2
Smart Switches:
Each side has a TP-Link TL-SG1016PE
Not the best option in the world, but they are cheap and support tagged and port-assigned VLANs.
VPN:
WireGuard VPN - A fast and flexible VPN that runs as a Linux kernel module
https://www.wireguard.com/
DNS:
Pi-Hole Caching DNS Server/Proxy -- Also supports DNS blacklists and can be run inside Docker containers easily.
https://pi-hole.net/
Cloud Services:
Amazon AWS EC2 Instance
Free Tier is available for the Amazon t3.micro and t3.nano instances. t3.micro will allow you to run an instance with a dual core vCPU, 1GB of RAM, and 30GB of block storage and you can deploy any Linux OS image that you wish for free. 1GB of RAM is well suited for a VPN gateway; I wouldn't want to rely on it for much more than that.
(Amazon limits instance time to 750hrs/month for free, which means the 750 hours is split between the number of the EC2 instances that you have assigned to Free Tier; any additional usage is billed. Current cost is $0.0104/hr: https://aws.amazon.com/ec2/instance-types/t3/)
Other software - Included with most Linux distros for free:
Shorewall Firewall - Easy management of iptables for zone based network management.
dnsmasq - Used for address management (DHCP and reservations)
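
The hub-and-edge layout described in this answer, as an added example that is not part of the original post: a generator for the hub's and each edge router's wg-quick configuration that scopes every peer's `AllowedIPs` to its own tunnel address and LAN, and refuses to emit anything when two site subnets overlap. The tunnel subnet, site names, LAN ranges, endpoint hostname and key placeholders are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample topology (assumption): subnets, names and endpoint are illustrative.
TUNNEL = ipaddress.ip_network("10.99.0.0/24")
HUB_ENDPOINT = "vpn.example.net:51820"  # placeholder for the cloud hub's static address
SITES = {
    "apartment": {"tunnel_ip": "10.99.0.2", "lan": "192.168.10.0/24"},
    "family1": {"tunnel_ip": "10.99.0.3", "lan": "192.168.20.0/24"},
}

def check_no_overlap(sites):
    """Routed site-to-site links break when two LANs (or a LAN and the tunnel) overlap."""
    nets = [("tunnel", TUNNEL)]
    nets += [(name, ipaddress.ip_network(s["lan"])) for name, s in sites.items()]
    for i, (name_a, a) in enumerate(nets):
        for name_b, b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{name_a} {a} overlaps {name_b} {b}")

def hub_config(sites):
    """Hub wg0.conf: each edge peer may only source its own tunnel IP and LAN."""
    check_no_overlap(sites)
    out = ["[Interface]", "Address = 10.99.0.1/24", "ListenPort = 51820",
           "PrivateKey = <hub-private-key>"]
    for name, s in sites.items():
        out += ["", f"# {name}", "[Peer]", f"PublicKey = <{name}-public-key>",
                f"AllowedIPs = {s['tunnel_ip']}/32, {s['lan']}"]
    return "\n".join(out)

def edge_config(name, sites):
    """Edge wg0.conf: route the tunnel subnet and every other site's LAN via the hub."""
    check_no_overlap(sites)
    remote = [s["lan"] for n, s in sites.items() if n != name]
    return "\n".join([
        "[Interface]", f"Address = {sites[name]['tunnel_ip']}/24",
        f"PrivateKey = <{name}-private-key>", "",
        "[Peer]", "PublicKey = <hub-public-key>", f"Endpoint = {HUB_ENDPOINT}",
        f"AllowedIPs = {', '.join([str(TUNNEL)] + remote)}",
        "PersistentKeepalive = 25",
    ])

if __name__ == "__main__":
    print(hub_config(SITES), edge_config("apartment", SITES), sep="\n\n")
```

WireGuard drops any packet from a peer whose source address is outside that peer's `AllowedIPs`, so the hub entries limit what each site can inject; IP forwarding on the hub and edges plus the VLAN and firewall rules mentioned above are still needed on top.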