JeremyNzl: Have you looked at the ubiquiti edge router series, I understand they do well with vpn and can also handle dual wan bonding. 

Nope. I think I found their stuff, but I've had good success with Draytek before, so I went with them. A workmate suggested I try a routerboard, too, but the management overhead was too much (this needs to be able to be managed, if I leave, by fairly non-network-knowledgeable people)