VPN technology is not prohibited by any law. for now.

For yourself personally and / or for the internal needs of the organization, you can use anything. Certified solutions are needed when you are either explicitly required (for example, to interact with a government agency) or you need to get some kind of official piece of paper on compliance (for a tender or certification).

As far as I know, the use of cryptographic algorithms not certified by the FSB is prohibited in the Russian Federation, except for the option of algorithms built into software or hardware.
For example, when importing various network pieces of iron with a crypt on board, permission from the FSB is required. They give it, in my opinion, without any problems.
In practice, any use of crypto can be subsumed under built-in and inalienable, and the authorities pay attention to this only when an organization requires a license for activities related to crypto, but in this case, much more is required. But even in this case, you can use non-certified crypto in areas not related to licensed activities, for example, banks in client banks are required to use certified encryption and obtain a license for this, but at the same time they may well organize VPN between offices on OpenVPN.