While we are good at helping with Pi-hole issues, your situation seems to revolve more around VPN gateways and RPis in general.
That said, I have still pondered this a bit. (click for more)
First, you should be aware that by setting up your RPi as a VPN gateway, you will effectively turn it into a router, probably forcing all your outbound network traffic through your RPi.
This is is substantially different from your Pi-hole just handling DNS requests, which is but a tiny fraction of your network load.
Would that be a model 3B or 3B+?
With a 3B, you'd already max out its single 100Mbit/s network interface with 50Mbit/s ISP download, since traffic has to travel in from ISP and out to your individual clients simultaneously, effectively halving your RPi's bandwidth.
By the bare numbers, this is just an inch from becoming a bottleneck if only ISP traffic is involved, but it may become one if you consider local network traffic as well. So don't host any additional services like your music and video collection on the same RPi.
Encryption will come on top of that, taking a bite off your transfer speed (potentially -and ironically- relaxing bandwith limits a bit).
Your router may be better equipped to do this, as it may feature some hardware encryption support.
It's probably worth noting that while the 3B's BCM2837 CPU is based on an ARMv8 Cortex-A53, it is lacking its crypto extensions (due to extra licensing cost according to this RaspberryPi forum discussion).
A Rock64 (also a Cortex-A53 design, but with ARMv8 crypto support built-in and enabled) does encryption significantly faster (about an order of magnitude).
I don't know about your router, but Microtik offers hardware acceleration for sha1 and sha256 on quite a few models.
You could try to alleviate bandwith issues by adding a second Ethernet adapater as an USB dongle, using the built-in for ISP connection exclusively.
If you decide on a Gbit one to handle your local network, you should be aware of the USB speed limit mentioned by deHakkelaar:
USB 2.0 max transfer speed is specified as 480Mbit/s, and that is shared by all USB devices connected to your 3B, including built-in Ethernet. This would nominally leave around 430Mbit/s for the second Ethernet dongle when maxing your ISPs download speed of 50Mbit/s with built-in Ethernet, though actual transfer speeds may be slower. (Similar limitations would apply to the only nominal GBit Ethernet interface on a 3B+.)
Also, lack of dedicated switching hardware (which again your router may have) means all traffic will have to pass through your 3B's memory and CPU.
Since all this combined will put considerably peak loads on your RPi for sustained periods at times, a good power supply and cable for your RPi becomes even more crucial, and you may want to think about effective cooling as well, lest your encryption rates and transfer speeds will drop to due your RPi throttling down CPU freq to counter heat built-up.
All in all, while it is certainly possible to run a VPN client gateway next to Pi-hole, I'd support @deHakkelaar in recommending to try enabling this on your router first.
You may have better chances for more specific advice by frequenting your router's or your aspiring VPN provider’s forums.