@Kevin_Z 

1. The problem is I have only one client enabled with VPN connection out of 30 in my router and therefore trying to limit strain on CPU, but as others mentioned it simply caps at abovementioned speed and never goes over that. So, it is clearly a limitation if the router's resources or something else in the programing. 
2. AX20 is another name for AX3200?

  @PCMAC_Genius 

If you only need VPN on a single client, I would not bother with a vpn at all. A VPN really is by design optimal when you are managing a lot of clients/hosts or when you are managing several sites. There really are WAY better options that are WAY faster & WAY WAY more secure, particularly when you look at the VPN server options provided in consumer grade networking equipment (& pretty much everything TP-Link, regardless of how it is marketed, is consumer grade). I mean PPTP isn't even supported by most modern clients as it really is not secure, it is in fact a nearly 50-year-old & relies exclusively on the client-side stack for any security or encryption. In fact, security issues is mentioned in the very first sentence on the wiki page for PPTP. TP-Link's implementation of OVPN also isn't very robust, with no script security standard & using only AES-128 encryption (the value of which vs. 256 or 512 is debateable and probably fine, if not best practices, however that is all moot since they actually include the TLS certs privaet key right in the router generated .ovpn file which is just a human-readable text file. Also, they opted for persistent tun & persistent key, so obviously renegotiated security is not implemented. Not to mention that most HW VPN or FW-VPN (s2s) devices are only equiped with 100mb NIC's, which is fine, more than adequate for the most part.

But (when the choice is ovpn or pptp) I would suggest another route, be it a tunnel or some p2p-like implmentation.There are many options, ranging in function and security from open/unencrypted to a 8192-bit encrypted key for local like network access only, to complete RDP or virtualized desktop-like acess with more function than you could ever need. There are Argo/Inlets/v2Ray types of solutions *{check out cloudflare, you can set up an SSL encrypted tunnel in a seperate segregated IP netblock with 2FA or SSO authentication options for free via cloudflare (using a cloudfklare managed certificate only; you can use a self-managed cert, i.e. $$$ via Digicert or free via Let's Encrypt cert, but cloudflare requires a paid subscription for that option)}. There are also SD-WAN options that are similar to the cloudflare solution only can be much more private with self-hosted keys and certs, but I am unaware of a decent free SD-WAN option, aside from those that come with the purchase of some brands of SAN or NAS equipment.

Any way, there are a million & one options that will be faster, more secure & more reliable. Heck, even an SSH tunnel, or a browser based solution, such as FoxyProxy and dynamic port forwarding with a SOCKS proxy, plus the many newer generation ZeroTrust tunneling options. Anyways, check out opentunnel(DOT)net for some of the x-/v2 -ray, proxy or other vpn options available for no cost.

Having no idea on your specific hosts/clients, your needs/usage scenario, I can't be too specific, but there are many better options viable for a single host connection, options that will be much quicker, it's usually faster using a p2p-type connection vs. adding hops to VPN servers & that will not bog down the connection for the rest of your network clients.