In my opinion you are making this issue more complicated than it really is. You really don't need site-to-site VPNs and custom routing to accomplish your goals.
If I understand you correctly your goals are:
1) To have remote access to machines (Linux, Windows, others) in few remote networks.
Just set up VPN server in each of these remote networks. OpenVPN is probably a good way to go. It would run on any Linux machine, Windows machine (if you dare), even on some routers (f.e. DD-WRT compatible). If these networks are behind dynamic IPs you will also need somekind of dynamic DNS service.
Having VPN server running in all locations you just login to it and access whatever machine in that network remotely. For Windows machines DameWare is probably not a bad idea. It is commercial software but you only need to pay for one license - the license is for an operator (you), not for client machines. You could also use VNC - why not? For Linux machines SSH is a no brainer. And other devices (like printers, networking gear, etc.) probably have HTTP interface anyway.
Also you wrote: "me being able to log in and apply patches and security updates without requiring someone on the other end sending me Desktop Sharing invites". Well are you aware that you DO NOT need to log in to Windows systems to apply patches and security updates? It just happens automatically. Just turn on Windows Update.
And since it looks like you are required to take 4hr trips to fix your parents computers that makes you basically their administrator - DO NOT give them administrator rights on their machines. Set them up with quite secure configuration - no admin rights, antivirus software running and set to automatic, backup running and set to automatic, updates running and set to automatic. If you do so I hardly see a need to physicaly access their machines (modulo hardware failures).
2) You have described your second goal in such convulted way with buts/ifs and so on that I need to cite this mess: "I'd also like some way to be able to monitor/control my son's online activities while he's away (hence my desire to route at least his traffic, if not all Location B internet traffic, through Location A). Also note: I'm not a helicopter parent by any means and only monitor once in a while to get a general idea of what his online trend is; and the extent of "control" is if grandpa and grandma say he needs time off the computer for x days for bad behavior or whatever, I want to be able to enforce that rule where he won't be able to sneak around while they're in bed. This connection will not have any firewalling or blocking enabled by default.".
So basically you want to:
* monitor your sons network usage
* enforce policies on your son (like no Internet after eight since you were bad)
* enforce password usage (or other form of authentication) on your users since you don't want to allow your son to use their grandpas computers while they are not around physically guarding the machines
Well what you basically wish for is corporate-like network with authentication to local systems and to network usage. It can't be done without enterprise class systems - you will need an internet access proxy/gateway for accounting and enforicing access policies for network, user directory to enforce password usage and restrict access to certain machines for certain users (namely your son), network access protection system (and network hardware supporting it) so your son can't just use his Linux machine to access network however he likes.
That means that you are contradictiong yourself by saying that you dont want to have any firewall or blocking - you do.
How you are claiming that you have any training in network administration is beyond my understanding.