I’ve used OpenVPN (ovpn) to do this kind of thing for years.
Years ago at a hosting company I worked for I used ovpn to allow remote users to join the company LAN and connect to our Asterisk PBX to make and receive phone calls via SIP from their home offices etc.
In that case I had ovpn set up as a server on one of our public IPs and ovpn was installed and set up as a client on each remote user’s PC. The remote client uses a certificate to connect to the server and join the LAN. If someone left the company etc., you just revoke the certificate and they can’t connect.
In your use case I suspect that you want to create something along the lines of LogMeIn Hamachi with a web front end controlling and automating that process. In that case you would basically have two or more remote ovpn endpoints that would need to connect together with the app you’re wanting to build providing the certificates and config that allows them to connect to one another.
It’s been a while since I’ve used ovpn to do this sorta thing, so many things may have changed since then, but the certificates and keys were generated via a script, so that could be automated etc. But like LogMeIn Hamachi, it will require the end users to install the vpn software (client) on their systems to make it work.
If I was going to build something like what you describe, this is where I’d start. I’d start by looking at something like ovpn and see if I could build a custom vpn client that could be installed on each user’s system that would connect to my app to get its config etc.
The only issue I foresee in this venture is security. I want to stress that you would need to completely understand all of the security aspects involved in doing something like this.
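The certificate lifecycle described in this post (script-generated client certificates, revoked when someone leaves), as an added example that is not part of the original post: a throwaway OpenSSL CA issues a client certificate, revokes it, and shows the CRL check rejecting it. The CA name, the user `alice` and all file names are constructed; an OpenVPN server would have to be pointed at the resulting `crl.pem` with its `crl-verify` option for the revocation to take effect.

```shell
# Added example: throwaway CA in a temp dir. "Demo VPN CA" and "alice" are constructed names.
set -eu
setup_ca() {                       # CA key/cert plus the state files `openssl ca` expects
  cd "$(mktemp -d)"
  mkdir newcerts; : > index.txt; echo 01 > serial
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = req
x509_extensions = ca_ext
[ca_ext]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = vpn_ca
[vpn_ca]
database = index.txt
serial = serial
new_certs_dir = newcerts
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_crl_days = 7
unique_subject = no
policy = pol
x509_extensions = client_ext
[pol]
commonName = supplied
[client_ext]
extendedKeyUsage = clientAuth
EOF
  openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=Demo VPN CA" -keyout ca.key -out ca.crt 2>/dev/null
  refresh_crl
}
refresh_crl() { openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null; }
issue_client() {                   # $1 = user name; writes $1.key and $1.crt
  openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl ca -config ca.cnf -batch -notext -days 365 -in "$1.csr" -out "$1.crt" 2>/dev/null
}
revoke_client() { openssl ca -config ca.cnf -revoke "$1.crt" 2>/dev/null; refresh_crl; }
client_accepted() {                # chain + CRL check, as a server does before admitting a peer
  openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem "$1.crt" 2>&1 | grep -q ': OK$'
}

setup_ca; issue_client alice
client_accepted alice && echo "alice accepted"
revoke_client alice
client_accepted alice || echo "alice rejected after revocation"
```

The CRL has to be regenerated and redistributed after every revocation; a server still holding the old `crl.pem` keeps accepting the revoked certificate.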