Connecting 3 areas over the internet

I have a question, I have 3 areas that I need to manage, I wish to connect all 3 over vpn and or ospf so that I can access Area 1 server for pbx, unifi controller, unms, and all the different things like plex and so on on the main server.

I was thinking of using ZeroTier, but not sure if its possible. The thing is that the IP is not static.

What can I do to solve this and what options do I have, for hardware I only have the EdgeRouter 4, nothing more, but I would like to keep costs low.

Do any of the sites have a static IP?

That type of site to site VPN I would normally do IPSEC…if there is equal traffic between all of them, connect them in a logical triangle (1-3, 1-2, 2-3)…if it’s more of a function main office -satellite office, just have the satellites connect to main.
Not sure what the EdgeRouter’s IPSEC capabilities are.

Why don’t you use OpenVPN with DDNS ?

They dont have static IP, AREA 1 is more of the main office the other 2 are kinda satellite offices.

I havent seen openvpn with ddns, would the edgerouters would allow for both?

I mean setup a DDNS service which resolves your dynamic IP address, add this hostname to your OpenVPN server in-place of your dynamic IP address.

Don’t have an edgerouter but if it can’t handle DDNS and doesn’t have OpenVPN then I suppose it just has a pretty UI.

I guess, only the one that is the main one would need the ddns? or all 3 would need the ddns?

take a read of this you’ll see you need 3 if they are all assigned dynamic WAN addresses.

If you have main office and satellites, the remote offices would only need to connect to main and you route between remote offices there. Depending on VPN used, you can get by with DDNS only at main office, although you should really see if you can work out a static IP from ISP there as that will make things MUCH easier to troubleshoot. If you keep dynamic address and use DDNS, make sure it is not a CGNAT address, if it is you really won’t be able to do any inbound communication. Also, OpenVPN will handle dynamic addresses and NAT much better then IPSEC.
You could always run OpenVPN on a VPS and hub all the connections there, beware of bandwidth charges from AWS, Digital Ocean, et. al.