Looking for best practice in setting up multi cloud with on premises practice.
Are you looking for guidance on connecting on-prem to HCP Vault or Consul using private connection?
If so, currently for HCP Vault on AWS if you have a VPN connection from on-prem to AWS, you may be able to leverage VPC peering or a transit gateway attachment to establish connectivity that way.
Currently if you need to establish private connectivity to HCP resources deployed within an HVN from any network outside of the cloud provider the HVN is deployed into, you will need to have connectivity between the external network and the cloud provider the HVN is in.
I hope this is helpful!