I'd like to do Site-to-Site bridging with an IPsec VPN. How do I do that?
On the local side, I have a DrayTec Vigor2910, it is supposed to be able to manage IPsec tunnels. I need to have several VPN tunnels to various sites, but how exactly do I do that if the only router I can configure is the local one? As I understand it I'd need some sort of VPN server or client on the other side but I'm not sure.
Yes, indeed, in order to set up a VPN tunnel you need to some work on both ends of the tunnel. If you cannot configure the other end, or get somebody to configure it for you, then you are not going anywhere.
For situations where you provide the central VPN server for multiple clients, there are scenarios where, after configuration of the server, clients can be instructed to install a client, download some config files and they are ready to go. However, this requires a bit of testing, and it also requires users on the client side that can execute your download/install/configure instructions.
IPSec VPN as is can't provide bridging (L2), but routing(L3). For bridging you can use GRE TAP or L2TP (along with IPSec) - but then you need to verify your box supports any of these (or some other L2 tunneling mechanism)
You need to find out about the functions of your HQ end equipment (the DrayTec) and then what hardware is compatible to act as the other end of a link.
I can't speak directly to your DrayTec, but I use Cisco ASA, and that has the option of doing traditional Site to Site links where you need a static IP address and specific configuration at each end.
It also has a Client type mode called EasyVPN where you don't need a static IP address at the remote end - you configure the remote with the IP address of the central device, and then put in credentials. The remote device can then connect from any internet connection, and provide access to the VPN to a LAN behind it. This works very well for us.
Maybe DrayTec have a similar option.