You all think right. For routing suitable for the number of ports and the price of RoutersBoard. You can try to install CRS (but there are no models for 48 ports yet). There is little traffic, 30 megabit encryption will be supported by more or less older models starting at least with the same RB2011.
On access, I (I have over 240 ports) set SNR 2990, a very efficient piece of iron for my money. At me on them all network is constructed. It looks like this:
I have a larger network, so there are two levels (for access, these are l2 +, and for the core there is already an older model SNR S3750G L3 - in the picture there is optics for it).
You don't have to bother with this. Just limited to 2990 and RB.
UPD. About Mikrotik. Self-assembly configurations are mainly used to implement tricky configurations, such as access points with six antennas, or points with 10 ports and three cards.
For your network, it is better to take ready-made and in the case, the same 2011 that you have chosen is more than.
Tsiski can, if anything, take a BU, but still it will not be possible to collect for the same money as on SNR, for example.

And I have everything built on Cisco.
VPN between two Cisco ASAs, on the one hand an ASA 5510 and an answer on the other ASA 5505. Internal Cisco Catalist switches, for example C2960, etc.
In general, if you want a quiet life, take Cisco.
Well, if you strain with money, then it doesn’t matter what you put inside.
It is possible, for example, based on FreeBSD + OpenVPN on both sides, to build a network. I once had this

Take DLink DES/DGS 1210-28/ME(52) or 1510-28(52) switches. You can even D-link DES / DGS-1100-24, but it does not pull multicast very well, but otherwise it is very stable. We supply long lengths to all customers for projects, and they themselves are standing, only we work on them. They are able to do VLAN and multicast and ACLs and even 802.1x + DHCP-snooping.
And yes, we do IPTV, so I know what I'm talking about.
As for the router, I have been doing this for a long time.
I take an ordinary computer with two network cards with Core i3 / i5 and 8-16GB of memory, 2-4 HDDs. For everything about everything 20-30k rubles.
I put ubuntu on it:
- KVM
- SAMBA
- FireHol (firewall)
- OpenVPN
- I make disks in RAID 10
I prescribe masquerading on the firewall, set up file cleaning on Samba.
I deploy several virtual machines on KVM, one with IP telephony (FreePBX), the second with Windows Server 2008 (you can get by with samba), the third for WEB/RedMine/Trac (ubuntu).
Additionally, I put inflyxdb + grafana on the last virtual machine, on the main collectd host. I get statistics and beautiful graphics.
As a result, I get:
- a powerful router
- a file washer - a
Windows domain
- telephony
- a VPN organization with encryption and remote access
- a web server with tools for teamwork (notes, notes, tickets)
And we do this for ourselves and our customers practically on stream!

I support D-links. It's all on them too. On L2 DGS-1500-52 (now newer 1510), core on DGS-3620-28SC and routing on Mikrotik CCR1016-12G with VPN between branches.
I can’t say that it’s very budgetary, but in any case it’s cheaper than Cisco and others like them.
Mikrotik is good, like T34. Reliable powerful, but you have to be able to smoke it. I honestly want to add Kerio to it for kosher internet control.
In your case, when there are so few clients, then just one DGS-1500-52 + RouterBoard to each office and everything will be ok.

Great, thank you. Damn, an expensive piece of iron, of course, 2990.
Here's another question for RB. I went to their website - there are a lot of offers - there are ready-made solutions - integrated ehternet routers - RB 750, 750up, 2011iL, and there are separate boards - RouterBoard RB 450, 411GL, as I understand it for self-assembly? So what to focus on here, is it suitable just to buy something ready-made?
While thinking about routerboard.com/RB2011UiAS-2HnD-IN
UPD: No, cisca is definitely not for us. Money here we love the account :). As for the fryakha and openvpn - now we are just trying to get away from something like that. That is, now the network is built, roughly speaking, at the level - "all in one switch" and to the Internet through Linux with iptables. No control or flexibility. But at the same time, as such, downtime, one might say, does not happen now.

For routing, if not tsiska, then mikrotik. The model you suggested will suffice. The iron is very good. At me such "held" a grid from 12 branches (GRE + IPsec) with a reserve channel. Branches had RB951Ui-2HnD .

As you can see there are a lot of options.
For access, really choose any managed l2 switch. Keep in mind that there are switches that sometimes freeze. Which ones work reliably and which ones do not, it is impossible to unequivocally name the models, because everyone has different experience. So someone's dlink hangs, and even a tsiska. It all depends on the model, settings, firmware, traffic. They didn’t let me down:
- hp / 3com Baseline Switch 2226
- Cisco SF200-48 - Cisco Catalyst WS -
C2950G-48-EI (used hardware was bought and has been working without problems for several years ) Now think about whether you need it.
For routing, even mikrotik 750 would be suitable for you, but it will not pull 100mbit on an encrypted tunnel. You need a more powerful processor.
A budget option can be a regular PC with any linux distribution (there are special versions, such as VyOS) or *BSD. You can also buy a RouteOS license for x86.
ps
In general, the key parameter when choosing a router is not the bandwidth, but the number of packets / sec (pps), it is also worth considering how many rules for the firewall are planned.