ok, maybe someone else might be able to help you properly, since i’m yet to do my planned Jellyfin home setup
but it seems to me that maybe instead of running the VPN directly from you Pi, you should run it from you router, so your whole subnet is tunneled when going to the internet and inside your home you don’t need those shenanigans to connect to the Pi
if you did this, then you only need to install your mediaserver on the Pi (either Plex or Jellyfin, and although i haven’t used any yet, Jellyfin seems to be the one not currently being shitified, and the complete FOSS route) and that will probably be a much easier installation