Could I get your thoughts on using an Asus router with aes-ni instead like the AC86U to act as a vpn client instead? It seems like it might be cheaper and faster although not nearly as full featured as pfsense.
According to the specs, both routers comes with chips from same architecture (ARM v8 Cortex-A53) which support AES-NI. The Asus is slightly faster @ 1.8GHz whereas the SG-1100 is clocked at 1.2GHz.
Yes, CPU is the most important spec in regards to VPN performance but keep in mind that depending on how many clients are connected and whether you plan to run an OpenVPN server on your router in addition to the client, RAM can factor in as well... OpenVPN recommends a minimum of 1GB for most. The AC86u has 512MB RAM, the SG-1100 1GB.
Also, the SG-1100 doesn't provide WiFi so you would need to add an AP if you don't already have one (I use UniFi APs which are great performers).
It all comes down to needs obviously and as you mentioned, the Asus is more limited in features than the SG. If your plan is to route your entire home network over Sonic's VPN, keep in mind their production server goes down rather frequently... I don't know that you can easily configure the Asus for VPN fallback like you could with the SG so just something to consider. But if you decide on the Asus take a look at the Merlin firmware fork which supports the AC86u. It has more features than the stock Asus firmware with some optimizations for OpenVPN. Enabling NCP using AES-128-GCM would probably be your best bet in terms of balancing security and performance.