I've tried a bunch of different approaches to VPN in my short self hosted journey.
I chose Mullvad as my VPN and tried to make a container containing an OpenWRT router, a Windows machine, a bunch of containers within containers (Docker in LXC) before learning that's a shit way of doing things, and then I found Gluetun.
It was so simple to set up, and there was a dude on YouTube with all the Docker compose files and explanations, so I learned what I was doing as I was doing it.
Ultimately the only reason I didn't end up using it was because I didn't have my Plex instance in the stack and it couldn't communicate with the containers I was deploying, a trifle really.
I took what I learned from my Gluetun stack and used it to run Docker in a Debian VM with a the Mullvad app running, which is arguably easier but uses more resources since I run a second VM with Plex and other server stuff in Docker, and I could theoretically run it all in the same VM with a little more knowledge.