My ISP upgraded me from 100 to 1000mbps, need help optimizing cable speeds

[Stack of computer parts 9]

I had not planned on upgrading my internet but it rolled out free so now I have a new project

My firewall appliance has a cpu that was only able to produce about 140mbps, which I knew when I bought it, but like I said I had no plans to pay to upgrade my line anyway and I was getting just over 100 with it running airvpn for my whole home.

I have since offloaded the vpn functions to the client CPUs themselves to remove the bottleneck the firewall appliance was causing.

On my computer with a 2700x (8c/16t) I am now reaching about 250~300mbps with hummingbird on whatever server it autoselects, which seems about right.
My wifi clients are clocking in at about 300-350mbps unencrypted / ~ 150-200mbps encrypted on 802.11ac 80mhz channel, that is pretty acceptable and also the hardest to deal with anyways.
Besides server selection, which Ill do later, are there any optimizations I should look at?

On my prior setup I used multiple vpn connections as part of a multi wan shared gateway. I did this for uptime consistency on the 100mbit connection, although it did push the average speeds up from about 90mbps to about 100-110mbps. Could I do a similar thing with hummingbird or openvpn to increase my speed past the theoretical 250-400mbps threshold of a 1gbps air server? The 10gbps servers are all quite far away from me I doubt they are faster(for me, but I will also try anyways).
The multiwan I was doing before was outlined here:
https://nguvu.org/pfsense/pfsense-multi-vpn-wan/
Using debian can this be done with hummingbird or openvpn? I assume all the functionality is in debian itself to do the gateway grouping. If so would it have any affect on total throughput?

If I cant up the VPN speed past ~400 on a single connection under the most ideal conditions(I know there are many conditions to get this). And there is no way, or no point, to doing a multiwan with several vpns. Is there any point in me continuing to pay for 1gbps or can I safely downgrade to 500mbps or less and save some money? My ISP gave no increase in upload speeds with this upgrade, so its about 15mbps up whether its 1000mbps down or 100mbps down making there no advantage in paying for a higher service to increase my upload bandwidth.

Some things Ive done so far
Traffic shaping to fight bufferbloat using this guide:
https://maltechx.de/en/2021/03/opnsense-setup-traffic-shaping-and-reduce-bufferbloat/

All NICs involved have multiqueue enabled

all checksumming is offloaded

Modem was upgraded to to an approved one to actually hit the gigabit speeds

Thanks all!

[go558a83nk 362]

you might want to just use wireguard on pfsense.   No doubt it'll be faster for you.  This is the video I used to help me setup wireguard. 

https://www.youtube.com/watch?v=wYe7FzZ_0X8

[Air4141841 24]

I have a fiber connection, but will never spend the money to go above 100Mb symetrical.  its just not needed for me.

the Netgate Pfsense appliances in my opinion are a great option.   but for whatever reason the one that can handle 1Gb has been discontinued the SG3100.    I would roll your own router with intel Nics 
 

[Stack of computer parts 9]

I have opnsense which has a wireguard plugin but the CPU on my router can't keep up past 100mbit encrypted so until I upgrade I am stuck. Also the security warnings of using wireguard I was reading from airvpn make me disinclined to tuse it anyways.