Is it possible to create a site-to-site VPN network between two homes that will allow traffic between all devices in both homes but will still send internet directly out in both homes, so there isn't increased latency for normal web traffic? In addition, is it possible to do this in a way where, if one house goes offline for any reason, they won't both lose internet? Not sure if this is possible.
Yeah. That’s the point of a site to site vpn
Yes, this is the whole point of a site-to-site VPN.
Ideally you do this on your router/firewall at the edge of the network and control which traffic goes up the tunnel with routes. IPsec is the traditional way of doing this, but you can achieve the same thing with WireGuard and even OpenVPN.
Doing it from another host on your network can work, but you get into asymmetric routing hell quite quickly unless you have the VPN endpoint on a separate subnet.
Do you think that s2s VPNs are always for internet backhaul?
What you’re looking for is a static route; that tells a router to forward specific traffic via a certain port, while everything else goes to the default route, i.e. the internet.
Some VPN setups will configure this automatically, some will not. Depends heavily on how your VPN is configured.
When you build a site-to-site tunnel, be sure not to let your default route point to the tunnel or the tunnel interface. When you add a static route for the remote house (peer), be sure to only include the network portion of the remote house network (e.g. if the peer network is 192.168.0.1-255 with a mask of 255.255.255.0). The subnet mask tells you what portion of the network address represents the entire network as a whole vs. an individual within that network. Compare any network (IP) address to the associated mask by writing them down one sitting above the other. Where the subnet mask has a zero, that's the host address within the network. Where the subnet mask has a 255, that represents the network that all hosts reside within. If you see anything other than a 255 or a 0 in the subnet mask, that's VLSM and requires more explaining. Write down just the network portion of the IP address and set the host portion to zero (e.g. 192.168.0.14 + 255.255.255.0 = 192.168.0.0 = network address, subnet-ID or sometimes subnet address).

So when you make your static route to the peer house, make sure you provide the subnet-ID. If both houses have the exact same subnet-ID, traffic won't flow across your VPN like you'd hope. At that point, you get to pick one side of the VPN tunnel (one of the houses) to renumber or change to a different subnet-ID, or use double NAT (not fun). Renumbering might be as easy as changing the DHCP settings at one of the houses. The person who doesn't have to renumber gets to buy the other person beer!
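The subnet-ID calculation and the "same subnet-ID on both sides" check from the comment above, as an added example that is not part of the thread. It does the octet-by-octet masking the commenter describes by hand, cross-checks it with the standard `ipaddress` module, flags VLSM masks, and refuses to produce static routes when the two houses overlap. The 192.168.0.14 / 255.255.255.0 values come from the comment; the second house's address is constructed for the example.

```python
import ipaddress

# Constructed example addressing for two houses (only 192.168.0.14 / 255.255.255.0
# comes from the comment; house B is made up for illustration).
HOUSE_A_HOST, HOUSE_A_MASK = "192.168.0.14", "255.255.255.0"
HOUSE_B_HOST, HOUSE_B_MASK = "192.168.1.37", "255.255.255.0"


def network_address(ip: str, mask: str) -> str:
    """The 'write them one above the other' step: AND each IP octet with the matching
    mask octet. A mask octet of 255 keeps the network part, 0 zeroes the host part."""
    ip_octets = [int(o) for o in ip.split(".")]
    mask_octets = [int(o) for o in mask.split(".")]
    return ".".join(str(i & m) for i, m in zip(ip_octets, mask_octets))


def is_vlsm(mask: str) -> bool:
    """True when any mask octet is neither 0 nor 255 (the 'requires more explaining' case)."""
    return any(int(o) not in (0, 255) for o in mask.split("."))


def subnet_id(ip: str, mask: str) -> ipaddress.IPv4Network:
    """Same result via the standard library. strict=False masks off the host bits;
    a non-contiguous mask such as 255.0.255.0 raises ValueError instead of being
    silently accepted the way a plain octet AND would."""
    return ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)


def static_routes_for_tunnel(a_ip: str, a_mask: str, b_ip: str, b_mask: str) -> dict:
    """Return the one static route each house needs (peer subnet-ID via the tunnel),
    or refuse when the subnet-IDs collide, which is the renumber / double-NAT case."""
    a_net = subnet_id(a_ip, a_mask)
    b_net = subnet_id(b_ip, b_mask)
    if a_net.overlaps(b_net):
        raise ValueError(f"{a_net} and {b_net} overlap; renumber one house or use double NAT")
    # Only the peer's subnet-ID is routed to the tunnel; the default route is never touched.
    return {
        "house_a": f"{b_net} via tunnel",
        "house_b": f"{a_net} via tunnel",
    }


if __name__ == "__main__":
    print("manual AND :", network_address(HOUSE_A_HOST, HOUSE_A_MASK))
    print("ipaddress  :", subnet_id(HOUSE_A_HOST, HOUSE_A_MASK))
    print("VLSM mask? :", is_vlsm("255.255.255.192"))
    print(static_routes_for_tunnel(HOUSE_A_HOST, HOUSE_A_MASK, HOUSE_B_HOST, HOUSE_B_MASK))
    try:
        static_routes_for_tunnel(HOUSE_A_HOST, HOUSE_A_MASK, "192.168.0.200", HOUSE_A_MASK)
    except ValueError as err:
        print("refused   :", err)
```

Running it against two houses that both use 192.168.0.0/24 hits the `ValueError` branch, which is exactly the situation where one side has to renumber before the tunnel is useful.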
Split tunnel vpn is pretty standard
Absolutely. I’m putting something together just like that so that when I’m down at the new condo visiting the grandkid (on the way) I can work “extra-remote”, since my homelab is also my worklab.
Using IPsec between a pair of pfSenses.
Yes that’s possible.
This is the most common configuration and thus very easy to find examples for.
Yes, that’s what site to site VPN is for
You can do this with pfSense (this is what I know about) and many other firewall products, and as others have said, it works best if you have it at the edge of each site, e.g. firewall to firewall; this makes it seamless and transparent, no need for VPN clients on devices, etc.
Basically you have site 1 and site 2 on different subnets.
E.g. s1 10.0.0.0 and s2 10.0.5.0.
And then you establish a site-to-site VPN between the two firewalls; there are many guides that can help you set this up, I used a pfSense-to-pfSense OpenVPN one.
Then the firewall knows that you have this interface, but it's actually the VPN tunnel. So on s1, you add rules that say if someone is going to a 10.0.5.0 address, then that should go through the VPN interface. At the s2 side, you allow it to accept traffic coming from the VPN tunnel that originates from a 10.0.0.0 address and is destined for s2's 10.0.5.0 addresses, and do the reverse to allow traffic the other way, e.g. from s2 to s1.
Now the only thing is, you need to know what IP addresses on the other end are for what, or you can set up a DNS server and add entries to it, so you can have alphanumeric addresses instead.
Things like broadcasts (e.g. how you can sometimes discover, let's say, a Wi-Fi printer without knowing its IP) usually don't get forwarded across the VPN since it's a different subnet, so those things may not function for something that is on the other site unless you know its IP address.
A good thing with pfSense is it also has the DHCP server, so you can set up reservations for certain devices so you can easily tell what is at what IP address. Note that all this is just to figure out what IP you need to go to; once you have that configured in whatever app you are using, it's all transparent. Going to that IP is just like if it were on your LAN, albeit limited to your respective internet speeds at s1 and s2, e.g. slowest common denominator here.
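The s1/s2 routing and tunnel-rule logic from the comment above, as an added example that is not part of the thread or of pfSense. It models s1's routing table (default route on the WAN, one static route for s2's subnet on the VPN interface), picks the egress by longest-prefix match, applies the "accept only s1 to s2 traffic on the tunnel" rule at s2, and shows what happens to internet traffic when the peer house drops off. The /24 masks, interface names and the 198.51.100.7 public address are constructed assumptions; the thread only gives 10.0.0.0 and 10.0.5.0.

```python
import ipaddress

# Constructed addressing matching the s1/s2 example above; /24 masks are assumed.
SITE1 = ipaddress.ip_network("10.0.0.0/24")   # s1 LAN
SITE2 = ipaddress.ip_network("10.0.5.0/24")   # s2 LAN
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# s1 firewall routing table as (prefix, egress interface). The default route stays on
# the WAN so ordinary web traffic never enters the tunnel; only s2's prefix goes to "vpn".
ROUTES_S1 = [
    (DEFAULT, "wan"),
    (SITE1, "lan"),
    (SITE2, "vpn"),
]


def next_hop(dst: str, routes) -> str:
    """Longest-prefix match: the static /24 for the peer beats the /0 default route
    for peer addresses, and everything else falls through to the WAN."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    return best[1]


def tunnel_ingress_allowed(src: str, dst: str, local: ipaddress.IPv4Network,
                           remote: ipaddress.IPv4Network) -> bool:
    """The rule on a site's VPN interface: accept only packets sourced from the peer's
    subnet and destined for this site's subnet. Anything else arriving over the tunnel
    (a spoofed source, or a packet trying to use this site as an internet exit) is dropped."""
    return ipaddress.ip_address(src) in remote and ipaddress.ip_address(dst) in local


def routes_with_tunnel_down(routes):
    """When the peer house goes offline its VPN routes are withdrawn; the default
    route is untouched, so this site's own internet access is unaffected."""
    return [(prefix, iface) for prefix, iface in routes if iface != "vpn"]


if __name__ == "__main__":
    for dst in ("10.0.5.20", "10.0.0.8", "198.51.100.7"):
        print(f"s1 -> {dst:14} via {next_hop(dst, ROUTES_S1)}")
    down = routes_with_tunnel_down(ROUTES_S1)
    print("peer down, internet via", next_hop("198.51.100.7", down))
    print("s2 accepts s1->s2 over tunnel:", tunnel_ingress_allowed("10.0.0.8", "10.0.5.20", SITE2, SITE1))
    print("s2 accepts spoofed source     :", tunnel_ingress_allowed("172.16.9.9", "10.0.5.20", SITE2, SITE1))
    print("s1 accepts s2->s1 over tunnel:", tunnel_ingress_allowed("10.0.5.20", "10.0.0.8", SITE1, SITE2))
```

With the tunnel down, a packet for 10.0.5.20 matches only the default route and is handed to the WAN, where the ISP discards the private destination; that is the expected failure mode of a split tunnel, and it leaves the surviving house's web traffic untouched.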
Something like tailscale can do this. You install the client on two computers on different networks and it can route traffic between them.
Can be, but doesn’t need to be a static route. I run OSPF across a series of wireguard tunnels to distribute routes to LANs at different sites dynamically.
How’s it compare to Tailscale and ZeroTier?
You wrote “WireGuard” is free for under 100 devices , but I thought Wireguard was open source and free for everyone. Did you mean “Tailscale” which used Wireguard? Both are awesome and TS is really great, I’ve been using it for 1 month now and it solves a lot of the problems and concerns I was having.
If you have a dynamic routing protocol to exchange routes such as BGP, sure - but this is likely the simplest.
Porn if you live in Texas or porn that is filmed in Texas?
Thanks for the clarification. I missed your first line! Just checked out their web page. Gonna stick with TS for the moment, but was chatting with another Redditor about doing my own Wireguard stun/turn project and see this is open source. May switch over to NB in a little bit or at least check it. Then, try self hosted just to see how that feels. I like the idea of doing self hosted with the central contact point in the cloud. Realize that would cost me more money than the free version, but then I’m buying some level of my own control.
Also, thinking I would mostly use this for connecting into network edge and not deep internal. Then, build reverse proxies for various algorithms at the edge (http, ssh, vnc or RDP). That way I get the best of both worlds in terms of a vpn with no pinholes and then an application level of protection with a security guard and traffic cop at the front door.
Thanks for showing me Netbird.
Did you have specific reasons for choosing it beyond open source and free?
Only thing more flexible than networking is money.
LOL. So, I worked in Infosec for years as a developer (not IT). Just looked up ZTNA. What I described above with Wireguard+stun/turn to the LAN edge with a reverse proxy to allow access to interior assets limited by user Authorizations is ZTNA in concept, if not in fact. Good to know my training still leads in the right direction. Thanks for the info.
This is awesome. I look forward to trying it out once I get past my other projects.