I would second the IPsec recommendation. Whenever feasible, use IPsec instead. It's way faster with lower CPU utilization because EdgeOS enables support for HW cryto offload. For example, IPsec can easily do >100 Mbit/s on ER-X if not more.
On some occasions, OpenVPN just comes handy. E.g. VPN over TCP. Looking at openssl binaries of my ER-X (v1.9.0), I see
OpenSSL 1.0.1e 11 Feb 2013 built on: Sat May 28 13:02:16 PDT 2016 options:bn(64,32) rc4(idx,int) des(idx,risc2,16,long) aes(partial) blowfish(idx) compiler: mipsel-linux-gnu-gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -O3 -D_FORTIFY_SOURCE=2 -Wl,-z,relro -Wa,--noexecstack -Wall
Seems to me openssl was compiled without ASM (assembly code) optimization. I meant options such as these:
-DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM
Did UBNT try but found not working on edgerouter platforms or haven't got time to try?
From my estimation, on the 880MHz ER-X, with ASM optimization, OpenVPN throughput can reach ~50 Mbit/s if not slightly more. Still way below IPsec but it's free..