It would be an OpenBSD on a MIPS or ARM Cortex A7 SoC without SPECTRE and bootkits.
With a software like
https://securityrouter.org/wiki/Pricing
Tunnel could be done via OpenSSH or OpenVPN inside OpenSSH port forwarding configured to use strongest Nitrokey PRO2 & HSM2 algos for authentication of both sides (client and server) and many client keys would be needed as an option of hybrid client keys.
It could provide many fail over channels to prevent local ISP attacks.
They could be implemented as bonded VPN channels and even improve bandwidth.
Also anonymization via obfsproxy, TOR, I2P, public proxies can be added, very useful for countries with censoring.
You can find something like it without anonymization and penetration at:
But I guess, my idea would offer stronger protection?
I do not care about its bandwidth performance, for me only security and penetration through different types of DPI do matter.
Would be very useful for remote offshore work.