Tinc is an open source layer-2 VPN designed to build fully meshed layer-2 networks while requiring only a single TCP or UDP port connection. It is similar in concept to OpenVPN in that it basically uses SSL to build a layer-2 VPN (over which you can then of course run layer 3, depending on whether you are using a bridged or routed connection). The difference is that OpenVPN is peer-to-peer or hub-and-spoke, and requires complex routing configuration if you have many nodes and many possible disjointed networks.
With mesh VPNs you can build out your VPN in any topology that makes sense and, as long as there are some connections between members of the mesh, all nodes will always be able to see all other nodes. On top of this you can then choose to build a complex, stretched layer-2 network, or use layer-3 networks and any type of routing protocol such as BGP or OSPF to create an exceptionally resilient VPN network.
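The reachability property described above can be checked before a topology is deployed. The following is an added example, not code from the Tinc project or from this post: it parses `ConnectTo` lines from constructed `tinc.conf` snippets (the node names and topology are hypothetical), treats each connection as a two-way link, and reports which single node failures would split the mesh.

```python
from collections import defaultdict

# Constructed tinc.conf contents, keyed by a hypothetical node name.
SAMPLE_CONFS = {
    "hq":     "Name = hq\nMode = switch\n",
    "dr":     "Name = dr\nConnectTo = hq\n",
    "branch": "Name = branch\nConnectTo = hq\nConnectTo = dr\n",
    "laptop": "Name = laptop\nConnectTo = branch\n",
}

def build_graph(confs):
    """Parse 'ConnectTo = peer' lines into an undirected adjacency map."""
    graph = defaultdict(set)
    for node, text in confs.items():
        graph[node]  # register nodes that only accept connections
        for line in text.splitlines():
            key, _, value = line.partition("=")
            if key.strip().lower() == "connectto" and value.strip():
                peer = value.strip()
                graph[node].add(peer)
                graph[peer].add(node)  # a connection is usable in both directions
    return graph

def reachable(graph, start, down=frozenset()):
    """Nodes reachable from start when the nodes in `down` are offline."""
    seen, stack = {start}, [start]
    while stack:
        for peer in graph[stack.pop()]:
            if peer not in seen and peer not in down:
                seen.add(peer)
                stack.append(peer)
    return seen

def is_connected(graph, down=frozenset()):
    """True if every node that is still up can reach every other one."""
    alive = set(graph) - set(down)
    return not alive or reachable(graph, next(iter(alive)), down) == alive

def single_points_of_failure(graph):
    """Nodes whose loss splits the remaining mesh."""
    return sorted(n for n in graph if not is_connected(graph, frozenset({n})))

if __name__ == "__main__":
    g = build_graph(SAMPLE_CONFS)
    print("mesh connected:", is_connected(g))
    print("single points of failure:", single_points_of_failure(g))
```

In this sample, the node that only connects through `branch` loses the mesh when `branch` goes down; adding a second `ConnectTo` on that node removes the single point of failure.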
There are actually several similar projects, but I fell in love with Tinc because it uses simple-to-configure private key authentication, a single port, and has a very simple configuration. http://www.tinc-vpn.org/
Other options with similar capabilities are CloudVPN: http://dev.e-x-a.org/projects/cloudvpn/wiki
I used to have a blog post on my old blog that discussed how I used Linux and Tinc to build a "backup WAN" for my old company. We could lose our entire MPLS provider, and even our physical routers, and network connectivity would simply fail over to the Tinc VPN. I also did some testing with stretching our layer-2 to our remote DR site 700 miles away. I built my own Linux appliance that would run Tinc, and ran two on each side of the link for a cluster, plus some scripts to perform some "fancy" proxy ARPs to get traffic to route via the gateway that I wanted based on which physical site the VM was actually located. It worked amazingly well for something I just threw together to play with.