Strat,
He/She will need routers that provide VPN tunnel support. The main off the shelf ones I'm aware of are some of the Billion Bipac range here
http://www.billion.com/product/product-vpn-soho.html i.e the 7402 or the 7800 or some of the Draytek range
http://www.draytek.co.uk/products/comparison.html i.e 2820 upwards. Some of the Fritzbox range also have VPN tunnel support
http://www.avm.de/de/Service/Service-Portale/Service-Portal/VPNen_Praxis_und_Tipps/grundlegende_schr.... I think DD_WRT has VPN support but I'm not sure and have never tried it.
OK, personal experience, I have a Draytek 2820 in the office which provides an IPSec VPN link to a customer site ( another 2820 ) for them to remotely access a system here. The Draytek here actually uses its WAN port to connect to our main ADSL modem/router since we have our main firewall ( Smoothwall ) which provides another VPN to our Netherlands office ( Fritzbox ) and dial in VPN support.
The Drayteks are pretty easy to setup and there are some guides here
http://www.draytek.co.uk/support/router_faq.html#vpn. I've no experience of the Billions but there is a setup guide here au.billion.com/downloads/VPN-IPSec%20FAQ.pdf ,
the Fritzbox works ok but is a little tricky to setup.
One of the main pitfalls when setting up a LAN-LAN VPN betwwen 2 sites is to make sure that the 2 sites are on different private subnets e.g 192.168.1.x and 192.168.2.x for example, otherwise you won't get anything to work. In fact its a good idea to get away from any of the typical router default subnets and say use something like 192.168.11.x and 192.168.12.x.
Also, you need either to have static public IP's or use dynDNS to setup a LAN-LAN VPN.
Hope that helps for starters, post back with any queries.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
