From the perspective of the stuff you are transporting over the VPN tunnel or ssh proxy. There is not much difference. The payload is encrypted and can't be seen in transit assuming the underlying VPN, or SSH tunnel is secure.

There are functionality difference. For an SSH proxy, you have to be able to use a different IP port, or you have to use a browser and configure a SOCKS proxy.

There are potential performance differences. Last time I tried using them for large transfers, I found the performance over a SOCKS via ssh tended to kinda suck. At least compare with a transfer over a VPN. It is possible this had nothing to do with SSH, and was problems with the browser I was using at the time. But this might not matter much for your usage.

How things could potentially leak might be different with a proxy. Depending on how you configure SSH and the implementation, your DNS might be resolved on your original DNS servers, or via the tunnel.

Attack surface comparison really. If the only thing exposed is ssh, or your vpn, which do you trust to have fewer vulnerabilities in the exposed authentication system?

Probably a toss up.

Now if you’re talking about exposing multiple ssh endpoints vs a single vpn endpoint, that equation changes.

But a single relatively secure endpoint……difference is pretty negligible.

If you tunnel ssh over a tun device then there is no really difference except you obviously have to handle the routing yourself (as you noted). There are differences in the traffic signatures, but we're not trying to traverse the Great Firewall are we? SSH also adds overhead. SSH channels are resilient and exceptionally managed within SSH but they are still there and adding encapsulation over whatever it is you're trying to do.