Score:1

Is it possible to make a L2TP/IPsec VPN connection from within a Linux-based Docker for Windows (WSL) container?

I use Windows.

My main goal is to be able to open corporate websites which are only available via corporate VPN, such as GitLab. Since Windows wouldn't allow me to specify which websites I would like it to use the VPN to connect to, I came up with the idea of using Proxifier to proxy into a Docker container, which would have the required VPN running. This would eliminate the need to constantly turn the VPN connection on and off to use either corporate websites or personal ones (basically any other).

So I have tried numerous variants of alpine/ubuntu-based images, such as l2tp-ipsec-vpn-client, but they all fail to run on WSL (either v1 or v2); I imagine the reason being that they are all made specifically for a Linux-based host OS.

Switching back and forth to Windows Containers on the Docker Desktop is just moving the turning on and off issue from one place to another, since I require Linux Containers for my work.

Hence my question: how do I set up an outgoing L2TP/IPsec VPN connection from within a (preferably small) Linux container?

(So that I would then set up a small proxy server to Proxify connections from my host Windows OS to said VPN server)

Score:1
The correct answer is: "It depends".

As in which technology you are using for VPN and what kind of NAT (and how many) there is between Docker and the Internet.

Speaking from experience:

OpenVPN has limited functionality when the connection goes through a Carrier Grade NAT; most notably, VPN via UDP packets tends to get dropped.

It works with tunnels via TCP tunnel, but is rather slow.

Strongswan (IPsec) works, though there were reports (*) of dropped connections when everyone had to work from home and connect to the corporate network and the Internet connection was behind Carrier Grade NAT.

WireGuard also works. It is blazingly fast, even faster than IPsec, though it gets tricky to manage when you have a large number of clients due to key management.

Other VPN protocols might not even work with Carrier Grade NAT because they may need the client IP on the WAN side - for instance if you want to test IPv6 with a tunnel from Hurricane Electric.

In those cases you need a workaround in order to make it work.

I haven't tested Nebula mesh with Carrier Grade NAT, though I am intrigued by the part where you are not limited by the bandwidth available to the hub in the network.

So in a nutshell:

You need to decide how you want to use the VPN, because the purpose will limit which protocols you can use.

(*): I do not have direct links to sources, so I attribute it more to hearsay, from friends working with Microsoft VPN, which uses IPsec.

AgentFire: I have added the `IPsec` tag/infos to the question. Seems like it is the only thing my corporate VPN server supports.

AgentFire: The solutions I tried with Strongswan have resulted in errors which are described (but without solution) [in this question](https://unix.stackexchange.com/questions/317029/strongswan-gives-error-no-known-ipsec-stack-detected-ignoring) (*no netkey IPsec stack detected* etc).
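A small diagnostic for the "no known IPsec stack detected" error mentioned in the comment above, added here as an example and not taken from the thread or from strongSwan itself: it checks for the `/proc` entries that indicate the running kernel exposes an IPsec stack (the PF_KEY interface that the strongSwan starter probes for NETKEY, and the XFRM statistics file). It takes a `/proc` root as an argument so the same function can be run against the real tree inside a container or against a constructed one.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper, not part of the original thread).
# Reports which kernel IPsec interfaces are visible from the current
# (container) environment. Argument: /proc root, defaults to /proc.
ipsec_stack_probe() {
  proc="${1:-/proc}"
  stacks=""
  # PF_KEY socket interface (af_key, built-in or loadable): this is what the
  # strongSwan starter looks for before reporting "no netkey IPsec stack".
  [ -e "$proc/net/pfkey" ] && stacks="$stacks netkey"
  # XFRM statistics are only present when the kernel has IPsec (XFRM) support.
  [ -e "$proc/net/xfrm_stat" ] && stacks="$stacks xfrm"
  if [ -z "$stacks" ]; then
    # Nothing found: the kernel the container runs on (e.g. the WSL2 kernel)
    # does not expose an IPsec stack, so userland IKE daemons will fail.
    echo "none"
    return 1
  fi
  echo "${stacks# }"
}

# Stand-alone usage: probe the real /proc of the current environment.
ipsec_stack_probe
```

Run it inside the container that fails to start strongSwan; "none" means the fix lies with the (WSL/host) kernel, not with the container image.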