I was wondering if a VPN would add any kind of security or privacy if one is connecting to a host with a client/browser that supports DNS over HTTPS and that host supports encrypted client hello. Is there a way for the ISP or anything in between to shape traffic or even know what is being accessed? The only thing that should be visible is traffic between two IP addresses right?
To add to what the others have said, a VPN requires one end to authenticate to the other. Regular HTTP and DNS connections don’t.
If you need to access a service remotely, doing it over VPN requires the user to authenticate (to use the VPN).
If you simply expose the service publicly, even if the connection to it is encrypted, it doesn’t prevent random strangers from accessing it or trying to break in.
HTTPS does enforce at least one sided authentication though. In the scenario the service they access is most likely being hosted by a server that does authenticate via X.509 cert.
Unless it’s p2p of course.