You guess wrong, while >=v2 is significantly faster than v1, it's still way too slow for routing 500 MBit/s. You are dealing with a 720-750 MHz mips single core SOC, and this CPU needs to route the packets from WAN to LAN, handle PPPoE, the firewall, NAT tables, etc. Your router CPU probably can do that up to 100-150 MBit/s, beyond that will not be possible with the hardware. Yes, it has 1 GBit/s ports and you can achieve that between its LAN ports (the CPU isn't involved in this traffic, which is solely handled in the router's switch hardware), but anything that needs to go through the CPU is severely affected by this.
Another topic is your desired VPN functionality. As mentioned, VPN is highly CPU intensive (the popular OpenVPN dæmon much more than IPsec or wireguard, but I'm using the faster IPsec as basis here), your CPU might manage somewhere between 25 MBit/s to perhaps 35 MBit/s (the later would be very optimistic) of encrypted VPN throughput. While this might look sufficient for you, it means the CPU is taxed to the maximum, 100% CPU load flat out - but the CPU still needs to handle the PPPoE session, routing, firewalling, NAT table, etc. - remember your CPU is only a single core...
So assume your friend is connecting from a 50 MBit/s connection (one tenth of your own WAN speed), his client is a notebook which is much faster than your tl-wr1043ndv2's mips SOC and has no problem maxing out these 50 MBit/s, so it will try to get that through the VPN, pushing your router CPU over its limits - leaving to starvation on the router's CPU, which no longer has capacity to fullfil its tasks. That means your friend's performance is affected (you can ignore this), but given that your router's attempts to do the best it can to serve your friend's VPN tunnel, it also no longer has enough capacity to serve your own (non-VPN routing) as well (and your router can't even do that without an active VPN). Multi-core routers would be in a better situation here, while the VPN might peg one core, there's at least a second to keep track of the WAN connection (routing/ firewall/ NAT/ wlan).
That doesn't mean your router won't 'work' (v2 or newer of the tl-wr1043nd should be fine for several more years to come with current OpenWrt), it's just not fast enough to cope with your WAN connection, meaning you won't achieve your expected throughput and might experience "stuttering" under load. For performance expectations above 100-150 MBit/s you do require relatively recent and pretty high-end routers; ar71xx can not cope with those speeds.