well done.
this brought up fond memories of crackme communities in the early web... looking at asm callgraphs in ollydbg ...
I just found my +20y old patch.exe that 'NOP's the correct address of a popular windows archive handling software just to get rid of its nag screen ;-)
I was involved in a very similar situation once.
I recommend wireguard for this, it's mature for years, has superb support in linux and some BSDs and there are userspace implementations if you need that.
It wraps traffic in UDP, the overhead is much smaller thus throughput mich higher than traditional TCP-based VPN (you want to avoid tcp-in-tcp!).
There were once patches posted to lkml that passed QoS-flags from the inner packet to the wireguard packet, if you need that. not sure if that landed upstream in the end.
key distribution and lifecycle management is what was still unsolved years back when this was evaluated, nowadays tailscale and its clones and similar oss should serve you well.
you all make it hard by bloating your sites with Jenga tower abstractions for styling, needlessly load content dynamically via Jenga tower javascript libraries that pulls complexity into frontend and most of the time puts unnecessary load on the content generator ("backend") too.
I don't know a lof of sites where that actually makes sense, as web === text.
When html5 came about, along with CSS3, it was such a big leaf in terms of ease of use and accessibility. I argue that what most websites do to my taste nowadays can be achieved by early-stage html5+css3+ a few svg.
Nowadays on about 50% of websites it have to
* enable 3rd-party JS just to get the text
* enable massive amounts of 3rd-party JS to get the images
* enable remote fonts just to grok your pathetic icon-only menu or even spot the 'search' feature (it's not even a 'button' most of the time) because you didn't care to use a proper <img> or <svg>
i usually use subshells and a project specific shell script to not have variables linger around in long-lived shell processes: ` ( . ./credentials && PW="$CRED_PW" ./the_thing ) ` so credentials can be retrieved via pass or whatever mechanism provides them.
exactly the reason why you NEVER should copy-paste code from a website into your terminal, even if that has paste protection (https://lwn.net/Articles/749992/)
If they (and every public body doing the same move) now start donating 50% of their previous costs to the FOSS projects they, that would most notably put mozilla in a much better position to not have to bow to google money and go down the route they did lately.