Oh, how interesting! Thanks for linking this. I'd love to hear if anyone has experience with it---slightly anxious about using unknown software for sensitive tasks like VPN, but it does look like a pretty robust project...
I’ve been using it for years now. I have a Debian vm that is configured as a NATing router so I can flexibly send traffic wherever I want. Also use unbound to use the company dns for company internal queries only.
With the particular Palo Alto config the company uses I need to peel a cert off of a windows domain member as well as my creds, but that’s not hard to manage