VPN is the easiest method for this since it takes out a lot of things that you can't really simulate like ISP agreements, fibre runs, etc.
Overall, VPN is really just a PKI setup and routing rules:
Make sure your VPN IP range(s) are separate from the corporate IP ranges (helps with auditing who's connecting from where)
Do NOT use TCP with VPN: you'll want the 'unreliability' of UDP for this type of connection
If you're working with an AD environment with an internal PKI infrastructure, use that to issue the TLS certs for the VPN connection
Your real fun will be with getting the routing and port forwarding right.
For your SMB example, if you really want to get adventurous try implementing DFS into a Windows environment, which allows you to spread a share over multiple servers in different locations.
DFS Namespaces overview | Microsoft Docs
I've only done it once for a customer that had offices in two different cities and wanted to move away from two servers hosting often out of date copies of the same data for each office like their previous IT support had setup. Since then, they've moved to online resources, but it got them over a challenge for several years and DFS still has a place in some environments for things like HR or Engineering data that you wouldn't want online, or could be too large to pull from the net.
Bookmarks