Can one use a Raspberry Pi as a firewall/VPN router?
Sure. That can be done on any machine on which you can compile a kernel and which has two network interfaces. You’ll have to add a USB-Ethernet dongle.
Some distributions available for the RPI already have all the tools necessary included.
Something to consider is that VPN may demand a bit of horsepower, depending on your bandwidth needs. Runs fine on much less powerful CPUs in DD-WRT routers for typical broadband speeds, so the Pi would do fine with broadband too.
Using a Pi for routing is a bit of waste considering that OpenWRT or DD-WRT compatible routers are more feature-full for the purpose and are near the same price. Also, they have covers and nice blinkenlights.
Disclaimer: I don’t have a Raspberry Pi ::gnashing of teeth:: but I’ve done it on less powerful ARM boards.
Tell you what, send me your Pi and I’ll send you a pre-flashed DD-WRT router in return. 
its possible you might not be able to get the full 100Mbps through the rpi
Can you? Of course !
Should you ? Erg NO!
It would be slow and unusable.
Oh, I don’t have one yet either…
But RPI might use less energy than a typical Router.
You don’t need two network interfaces for a router, you can run multiple tagged VLAN’s on a single interface. I do this on a lot of routers, mainly because I love network segmentation so much. I think a raspberry pi would make a great router assuming the network interface is decent enough to handle it.
Alternatively, you can use VLANs so that you can route between networks using only one NIC.
Typical routers have extra ethernet ports and WiFi which each consume a bit of current, but their CPUs are most often lower-powered than the Pi’s.
The Raspberry Pi however has pretty hefty video circuitry and would require an extra dongle. I’m not sure the contest would be clearly one-sided. I’ve read that 5V/1A is the recommended minimum for just the RPI board. Call it 6 watts with the USB-Ethernet dongle. Here’s a thermal image of the RPI under load.
I’ve just measured my Netgear router at 0.73 amp, 12 volts. That’s about 7.6 Watts. For a couple watts more, I get 5 Ethernet jacks, WiFi and DD-WRT. It’s a nice trade-off.
I didn’t mention VLANs because some ISPs’ routers will not let the customer use them on the LAN side. It’s even more iffy with your typical user gui-oriented firewall configurators. It’s asking a lot of knowledge of the user. With a single NIC, you’d also need an extra switch or a USB hub + WiFi dongle to act as an AP.
Lastly, in case of configuration errors you might end up with a DHCP-enabled NIC directly on the internet. With two NICs, as long as the router doesn’t forward and nat blindly at that point penetration is restricted.
Interesting, thx for the info
My Raspberry Pi at idle barely even registers on my power meter. <1Watt.
I haven’t checked it while running with a significant load.
You can probably add one more watt for every gigabyte ethernet port you actually use on your router but even the most powerfull router will not break the 10 Watt.
Power meters are notoriously inaccurate at low ranges, have you checked with an ammeter?
Since a couple of chips get up to 50°s and 60°s, less than one watt would be very surprising.
As for load, a couple of `while :; do :; done &` would suffice.
No, I haven’t checked with an ammeter. I doubt that would be any more accurate though as I would expect a lot of transients in the current draw.
The chips are tiny… It doesn’t necessarily take much power to heat them to 60°C.