Currently working on an issue where I'm trying to see if it's possible to have a L2 segment accessible at multiple locations.  I have 3 locations connected to SM fiber; HQ has 3850 in L3 w/ the SVI/gateway for all of the vlans and all 3 locations point to it for default route.  Other locations have 9200s and 1 of them has a 4K router for L3, though currently not in use for routing for the site.  At the moment there exists a need for devices in site 1 to be on the same L2 segment as devices in sites 2 and 3, hence why the vlans are setup the way they are.  While this is all currently working, trying to build in some redundancy and wanted to create a vpn for backup in the event there is an issue w/ the SM fiber.  Simple solution would be to segment each site into site specific L3 networks, then run a routing protocol between the 3 so they could talk over the fiber.  If that failed could run a GRE tunnel inside IPSEC to still get the adjacency and have EIGRP working.  

The issue I'm running into is that a device in vlan 3 (172.25.101.25) at site 3 has to be able to reach a device at 172.25.101.10 at site 1 as the vendor doesn't support the traffic being routed.  I saw documentation w/ respect to L2TP tunnels but don't believe that's supported on the current hardware.  If additional hardware is required that is possible, just looking for some possible ideas if anyone has something that might be able to work.