Moreover, security gurus all claim VPN to be the method having better security.
I go for the filter on source IP. VPN will just expose another firewall function to the internet, (ike or tcp 1723...). IKE deamon itself on multiple platforms has had its own share of problems , so imho vpn isn't the holy grail:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1