The CPU in the router is what is limiting you. Distance from VPN server and encryption cipher are other factors. AES-128-GCM will get you a little bump when compared to AES-128-CBC. Using SHA1 will be faster than SHA256.
If you want to stick with Asus-Merlin WRT, the AC86U has hardware acceleration and will give you improved VPN performance. Merlin posted some stats in the AC86U in the VPN forum.
Or, look into hardware that has a CPU that supports AES-NI and flash it with pfSense. Earlier this week, I converted an old PC to a pfSense router. I got some massive gains when compared to the AC88U. You can read about it in the Router forum
here.