Comment by a_tartaruga

As others have pointed out this is possible using confidential computing / secure enclaves. It's actually a pretty great application if I understand what you are doing correctly because you are running a relatively simple and self contained process in the enclave. Don't use SGX which has been pwned so many times it is a meme: https://en.wikipedia.org/wiki/Software_Guard_Extensions#List.... AWS has something that looks ok for VPS. AMD SEV-SNP is pretty nice. I know you can get SEV-SNP working on hosted dedicated servers not sure about VPS providers.

If you want to do a crazy science project you could look at the Marlin network which apparently lets you execute code in enclaves on random people's computers. Probably the throughput these random people would not be practical to run your VPN.