VPN

Merging branches on Mikrotik via VPN + routing?

There is a central office (CO) and 4 branches. The task is to unite all branches through a secure VPN for RDP access to the server in the CO + to the file storage in the CO + video surveillance. It would be desirable to make it competently "without superfluous crutches". An expansion is planned in the future. All objects are equipped with RB4011 and each office has its own video surveillance (20-25 cameras). The number of users in each office is 10-15 people. At the moment, branches are united using L2TP + IPsec, according to the "star" scheme. Routing is still static but will soon switch to OSPF. All branches are in the network of one provider. One branch is located behind the provider's NAT, and the other 3 branches now have white static, but it is planned to abandon it and leave it only in the central heating center to reduce costs. I want to ask the gurus which VPN is better to use in this case and what useful solutions can still be screwed and configured here in addition to OSPF. The VPN must be protected at least IPsec and must be able to overcome the provider's NAT, support for hardware encryption is very desirable. Also interested in what options should be used to protect the network from broadcast flood loops and other troubles? Which can put a network or create problems with access to a server. Also interested in what options should be used to protect the network from broadcast flood loops and other troubles? Which can put a network or create problems with access to a server. Also interested in what options should be used to protect the network from broadcast flood loops and other troubles? Which can put a network or create problems with access to a server.