[moviuro]

> in my router

That's probably the issue. A general purpose machine (with AES-NI), slap OpenBSD on it, disable DHCP server on your ISP router, let OpenBSD handle that... and done! (not for the faint of heart though)

You might even add a NIC to it, and act as another physical hop for firewalling, etc.

[mirimir]

I've had good luck with pfSense as a VPN client. Either as VMs, or on dedicated hardware with a decent CPU. If you're wanting more than 100 mbps, however, you probably also want a cryptoprocessor chip.

[shubb]

Thanks for the tip - I'll try out a connection with AES-NI CPUs at both ends and see if that helps...