The correct way to do this would be policy routing: http://www.dd-wrt.co...y_Based_Routing
Does your Netgear support dd-wrt? Do you have a box you can run a routing distro on? pfsense can do this very simply, be it in a VM or native on the box.
If you want to do this with the Netgear and dd-wrt, I would suggest you contact your ISP and have them bridge your device; no reason to double NAT. But can work with it if needed.
If you can put dd-wrt on your netgear let me know and we can walk through that option, or if you can run say pfsense as your router that too works.
Or other options: does your Xbox need to talk to the rest of your network, or can it just access the internet through the VPN connection?
With policy-based routing everything would be on 1 network. Another way to do it would actually be easier with another router, and you would double NAT to different routers. If you don't care whether the Xbox is on your current network, it can be done fairly simply with what you have.