L&LD
Part of the Furniture
As a novice to VPNs, take what I say with a grain of salt, but here's what I "think" I've learned. There is a VPN client and a VPN host (server). What flows between the two is encrypted. The result ranges from security to the illusion of security and anonymity.
The tunnel host or the tunnel client can be your computing device or your router. If you've only one device you'll likely install VPN on it; if you've multiple devices you'll likely install VPN on your router.
VPN encryption is intensive. Sometimes to often it cannot keep up with your Internet service speeds. For example, I've an 86U which does encryption in hardware. I believe it encrypts at about 200 Mbps. My Internet service is only 100 Mbps so I see virtually no degradation. The OP has 500 Mbps; he will see some degradation in performance.
If the OP set his router to be a VPN host he could take his laptop to the corner pub and view data on his home file share or view video from his home media share securely.
Now let's take this same laptop, same bar and connect to the Internet at large. It's possible that someone else could eavesdrop on him. If, instead, he connects to a VPN service, his data is encrypted, thus protecting him from eavesdroppers.
Now the OP was talking about setting his router up to be a VPN client, which implies he wanted all his users to connect to a VPN service. That means his data goes to the router where it is encrypted, sent to the VPN host where it is decrypted and sent to the Internet at large using a different IP address. What does this buy him?
- Well, his wife could possibly hack him (because she's on the same router) but that's probably not an issue.
- The ISP no longer sees what he's doing. It's not that I think any ISP is going to hack his data but they can track his behavior and monetize his data (by selling his behavior to direct marketers).
- His IP address is changed thus camouflaging naughty behavior.
So you've made it harder for your ISP to rat you out but what about the VPN service? Especially the "Free" ones? Are they running a charity? Ha, probably not. We have moved the potential for monetization from the ISP to the VPN service. (Nah, I'm probably just overly cynical in my old age :-)
I can mostly agree with you, but I don't think I'm too cynical in my old age! I've been the same at every age.
In your example above where he connects to the internet at large, instead, he should be connecting back to his router and network which he has hardened as much as possible (algo?), that way, a third (potentially irresponsible or worse) party is never needlessly involved.
I'm also under no illusions that changing IP addresses via VPNs camouflages 'naughty' behavior. But as mentioned above, you need bigger actors (state, etc.) to see clear images at that zoomed in/out level (depending on your point of view).