No it is not possible with my ISP. To run any local services is a violation of the ToS agreement. The ports and services they close they will not open. I've tried. They also incorporate a watchdog on all sockets that destroys them after so many minutes of "birth". This kills client services such as VPN, SSH, etc. Web services often aren't affected since most web elements are downloaded within 300 seconds +/-.
I would go away. How do you get IPIP working over that? Probably not working correctly either.
IMHO the dependency is a moot issue. If I used your VPN I'd be dependent on you... but you're suggesting that you can still reach me if my ISP's edge router dies and this is not true. Also if I were on your VPN, I would have to travel all the way to the netherlands and back half way across the US to reach say Indiana. So very inefficient.
I don't suggest that you would use only our VPN server, you could connect it in addition to some other to have additional redundancy and maybe a more efficient path to western europe.
You (or ARDC, using their money) should eastablish one or more VPN servers on the eastcoast and/or Canada, then you connect there and those servers connect back to UCSD or maybe even advertise some of the locally assigned subnets on internet BGP.
Then it will improve your connectivity to internet, and connectivity to other AMPRnet systems is the same or similar.
Furthermore, you can buy a 4G router and use that as a backup for when your ISP link or -router dies, and you can switchover all your routing to that path automatically within seconds. Even when its address is dynamic and probably even when they have such idiotic policies as your ISP appears to have (because the VPN will just re-establish when it fails).
Rob