We are using different tools for different purposes. The simplest thing we can provide is to use OpenVPN to provide client access to the mesh. The reason we used OpenVPN for this is that howtos are simpler to follow and it's easier to configure.

We are therefore using [tinc][] for mesh interconnection, as it is completely decentralised (as opposed to OpenVPN, which uses a client/server architecture). We can't use IPsec as it doesn't pass babel's IPv6 broadcasts properly. We could also have used tinc for simple client access, and instructions on how to do this (and therefore replace the OpenVPN instructions are welcome here).

tinc: interconnect disjoint mesh networks

See: tinc

OpenVPN: providing client access to the mesh

See: openvpn