Hello!
I would like to help you with this project. I suggest you use OpenVPN to connect all routers. We can also use a central pfSense on AWS; pfSense is a really performant system, and it will also make future administration easier.
About my experience:
I have extensive experience with network administration (VLAN, SNAT, DNAT, iptables, iproute2, multiWAN, tcpdump...), managed switches, routers...
Extensive experience with pfSense routers. I use it in every office in my main job, in my own office, and as a router on rented servers. What I have done with pfSense: DHCP, DNS, DyDNS, SNAT, DNAT, 1:1 NAT, Destination\Source routing, CARP (2 hardware pfSenses in failover mode), MultiWAN, gateway groups (failover and load balancing), VLANs, and a lot of experience with OpenVPN servers\clients on pfSense.
Extensive experience with virtualization systems: VMware ESXi, vCenter, MS Hyper-V, Proxmox VE.
Backups and replications for virtualization - Veeam B&R.
A lot of experience with OpenVPN servers/clients. TUN\TAP networks, complex routing for separate clients. Serial connection of 2-3 servers for more security. OpenVPN over IPv6 and others...
Experience with MS AD, DNS, GPO, RDS, Hyper-V, Veeam B&R, MikroTik, Ubiquiti and some other skills.
You can see my other skills and reviews in my profile.
Hoping for cooperation!
Thank you!