Private network for rancher-kubernetes nodes?

Hi. Do I need to set up a private network (VPN) between the nodes of a Kubernetes cluster (installed via Rancher) for them to communicate, or will a simple ufw allow from NODE_ID do the job?
And what does the networking backend (canal, flannel, calico, weave, …) do in this case?
(on dedicated servers from Hetzner and others…)

In case we need a VPN there, what is the best way to create it?