No browser has a VPN function, it's just a proxy. You can use sth like Bitmask for a free VPN. Calyx Institute and RiseUP provide some free servers too.
Usually less bloat ootb and less/no feature updates, longer update support. But actually I haven't compared those Win11 versions by myself. I use Enterprise versions since Win7, with Win10 Iot Enterprise LTSC being the best version of all (at least currently) and it has support till 2032 :)
Not a good idea, to share copyrighted material with your university account. Especially in DE.
Archive.org would suit better!
Nevertheless thanks for your work and I would recommend to include Dism++ and maybe use an Enterprise version of Win11. But yeah, versions can be easily changed with Massgravel's activator.
Whats your setup? Stuff dockerized? Looks like routing/iptables are set incorrectly (depending on your setup).
But my solution would be using a local DNS VPN like personalDNSfilter, exposing your services over the VPS to the net and connecting over https to them. For local access at home you can use split-brain-dns (hope thats the correct word [example.net = 8.8.8.8, at home it resolutes to 192.168.x.y]). With that you can just walk around and use every service with the best latency and bandwidth, without manually deactivating the VPN.
This.
You can create two seperate networks for the nginx instance (I would recommend NPM (nginx proxy manager)) and use one each for connecting from the lemmy instances to the reverse proxy. Traefik is nice too, that was my first rp used for docker and it integrates quite nicely to the docker environment :)
Linux and Luks full-disk-encryption for every system. Remotely unlockable via ssh. HDDs are unlocked via keyfiles which are on the fd-encrypted SSDs.
For windows you can use VeraCrypt (don't use Bitlocker!).
For single files I usually use 7zip or Peazip with long passwords.