You best bet is to load openvpn on the router itself with a DD-WRT image. This tends to get around many of the NAT and port mapping issue that are involved with any VPN.
If not you can still use openvpn on a server it just tends to be more complex in some ways. You may want to run it using SSLVPN rather than pptp or l2tp. SSLVPN is slightly slower since it is TCP based but you don't have worry about the issue of getting protocol 47 or protocol 50 though the router NAT. Note you cannot map these ..they are not PORTS they are protocol and the router will either know how to handle it or it will not.
There are a number of commercial solutions if you are willing to pay for them but they tend to be very expensive. I thinks cisco charges about $100 per user and that does not include the cost of the device itself