Nixpkgs repository is big but the range of supported VPN clients isn’t that wide. I was using Amnezia, but the latest available version doesn’t work well anymore in a restricted environment.
I tried to upgrade, but stuck with Qt dependencies.
Another attempt to build nordvpn from scratch went of rails due Rust issues.
After a week of building issues I became mentally ready for a hack with a Virtualbox.
The vbox-vpn service starts the specified VirtualBox VM and setups host network in such a way that all outgoing traffic is redirected to the VM and traffic from VM goes to original gateway.
The service, also, tracks NetworkManager reconnects and restarts VM if traffic stops coming through.