I have successfully used OpenConnect to replace Pulse Secure. Depending on the server configuration, you might need to change the user agent to Windows and have a fake host checker script. The Linux version of Pulse Secure requires your administrator to configure Linux as "supported" on the server side, which is often not the case, which makes it pretty much worthless.
One thing I noticed is that the NetworkManager plugin will disconnect you when changing networks, while the command-line version reconnects without a need to re-authenticate.
In another instance, I used a Windows host with Win32-OpenSSH. I used a proxy.pac script for web browsing, and for SSHing I tunnelled using the ProxyJump option. You could also configure your Windows VM to act as a router and set the routes in the Linux host to go to the VM.
Google "openconnect infradead". I used AnyConnect at work (it does support both, despite the name) but didn't have to use this feature.