How should I set up my Hyper-V server and network topology?

Solution 1:

I would personally have a separate physical firewall (Netscreen or whatever you're comfortable with) that handles the VPN separately and invest in an out-of-band management system (like Dell's DRAC) to give you low-level access to your server (and firewall's console port if/when you want to update your firmware) in case of hung or crashed (trust me: this will happen) VMs or host, or when you want to do worry-free Windows Updates, etc.

The Netscreen should support IPSec mobile VPN access with an added benefit of two-factor (certificates and passphrases) for authentication. Been a while since I've used one, but I believe they have several VPN options available.

Going with a hardware firewall (or really, a "Unified Threat Management" appliance as firewalls with all the bells and whistles that most of them have nowadays) will also give you some flexibility down the road with regard to proxying SMTP/DNS requests, DMZs, etc. when you move to a production web hosting environment.