I agree. If you don't mind tinkering, pfSense is the way to go, but it isn't for the sort of people who want something to just work right out of the box.
I run it on a compact Intel Atom box: http://www.newegg.com/Product/...
Round off that setup with 4GB of RAM and a small SSD for a quiet, power-sipping network appliance for around $200.
That setup firewalls/NATs a 50Mb internet connection, runs a VPN server, runs a Snort IDS/IPS, and runs a transparent proxy that captures all http traffic and runs it through a virus scanner.
Add a managed switch that can handle VLANs (Mikrotik sells a 5-port for around $40), and you've got a router on a stick. Now you can run a separate access point to provide free wifi to the neighborhood without compromising your own network, etc.
It's a really flexible setup, and I can't recommend it enough.