I don't understand what you are trying to do.
Personally, I would install OpenVPN in a KVM. You can follow literally any guide for your preferred OS inside a KVM.
You need to describe your actual network layout.
How is your router configured? Are you NATing all your traffic through a router? If so, you might need to do a 1:1 NAT for that device.
The bond resides OUTSIDE of your VM. It's on the host. Inside your VM all you should see is a single NIC that is presented to the VM. If you want to play with bonding inside the VM, you need to present your VM with multiple NICs.
This is a basic concept of virtualization networking.
No. I have Linux VMs running on Hyper-V with no tools installed. HA should handle the failed status of the host. It shouldn't touch the VM power state.
I don't use HA on Proxmox, but at work all my Hyper-V and ESX VMs run in HA, and when powered off from the VM, they stay off. If Proxmox changes this expected behavior from every other hypervisor, they might want to rethink that.
I've never heard of that.
How do you keep new and idle VMs from just turning on? Sounds like a pretty stupid design... HA doesn't mean power shit back on that I turned off.