As you’re thinking of using Vodafone UK, I’ll chip in here. I have a couple of of X750s I’m very pleased with, which I use in place of wired xDSL connections, one at home and one at another site. (On the basis of this positive experience, I plan to deploy a bunch of the X1200s elsewhere once support is properly upstreamed as it already is for the X750.)
I’m running an image built from a local openwrt tree I use across all my installs — nothing exciting, just master with a handful of bug fix and cleanup patches that I’ve not got round to posting upstream yet. However, you don’t need to do this as the factory openwrt firmware works absolutely fine out of the box with a Vodafone uSIM.
The X750 also has a u-boot web-interface that lets you reflash using a standard openwrt squashfs-sysupgrade.bin file if you’re hacking around and manage to build and install an image that won’t boot. This makes it particularly convenient and forgiving for working on custom images.
Jeff is absolutely right about mobile operators and their fetish for carrier-grade nat; there’s also no IPv6 connectivity at all on Vodafone. More generally, you’ll be disappointed if you expect any technical proficiency from them as ISPs — I’ve had more convincing technical discussions with my cattle than with mobile network staff.
That said, they do provide a surprisingly reliable ‘dumb pipe’ which you can use to connect to greener pastures. For example, at the farm I use a Vodafone ‘unlimited max’ SIM (£27/month) and set up an (unencrypted) L2TP session to Andrews and Arnold (£10/month, highly recommended) who provide proper static IPv4 and IPv6 connectivity.
Even paying extra for the L2TP service, this works out cheaper than the slow 2Mbps ADSL available here. Our 4G/LTE coverage is good enough to give 60/30 Mbps down/up with roughly 35ms latency. (Amusingly, the latency to most sites is lower over the L2TP than without it, presumably because aa.net make the effort to peer properly.)
I don’t do any kind of crypto on the X750 and I completely agree that a 650MHz MIPS would be way underpowered if you tried to use it as an encrypted VPN endpoint. I’ve no performance complaints as a straightforward router though.
Edit: I don’t have any queue management running on those routers either, and SQM would push the cpu a bit harder, albeit nowhere near as much as doing software AES or similar. Queue management might be quite tricky to get right, in any case, as the link bandwidth in both directions can vary by as much as a factor of 1.5 during a typical day.