I have a bunch of IoT switches connected to my Wi-Fi.
I am aware of three possibilities to connect and control them.
Which one would be the safest (most secure for IOT) comparatively?
Are there any better solutions and how difficult would each one be?
John is on to a solution that should work. Another alternative is to run all your IoT devices on a WiFi guest account, and everything else on the main account/password. This is a simple way to separate your smart devices from your computer network. It's a less sophisticated method of security but a lot easier to implement.
I think what you want is a VLAN, not a VPN. A VLAN can be used to isolate your IoT traffic from the rest of your networking devices.
A VLAN is a way of telling your networking equipment (your router) to treat certain wires to behave like they are a completely separate network, behind a firewall and dedicated to communicating in private. Some of the more expensive home networking routers can be set up this way, but setting it up complex, and will be different for each router.
You could put all the WiFi IoT devices on one VLAN, and set up your firewall so that your IoT network can't communicate with your home computing network. You would bridge the gap between the networks with your home automation hub. That way your smart phones and PCs could reach your hub to control the devices, without actually having to talk directly to the devices themselves.
