Basically there are in-kernel VPNs like L2TP, IPIP and tun/tap device VPNs.
OpenVPN uses the tun device and this causes context switches and the encryption is not offloaded to hardware on most machines because the vendors don't release GPL drivers for their crypto engines if they exist at all.
You could try wireguard.io - that uses fast modern crypto that is also quite fast on MIPS and is a in-kernel VPN.
On their mailing list they reported up to 60mbit/s on a 841N TP-Link router - so this might work for you.
The datasheet from Lantiq for the chipset used in the HH5A says there's a "Data Encryption Unit for IPSec". The question then becomes does LEDE for the HH5A support that embedded crypto engine, or if it's OpenVPN that needs to do so whether that supports it.