First, to address a point no one else has (so far)...the Pi has a "polyfuse" as part of the input power regulation. It "trips" when presented with too high an input voltage, but there are limits to what it can handle. Too much voltage and the board will fry. Depending on exactly how your PSU reacted to the spike caused by the lightning strike, and exactly where and how it hit, the polyfuse may or may not have tripped. If too much got through the dying PSU, the board may be toast as well.
If everything went as well as could be expected, the only thing that was destroyed was the PSU. As has been said, replace that with any decent one, such as the official RPF unit. However, no matter how good a PSU you get, it isn't going to survive a lightning strike. Any UPS will include surge protection (it will also include voltage regulation for overvoltage or brownouts...and a modern one will give you an audible alarm in those conditions). The main use of a UPS, however, is not surge protection. It's to keep the system running until the power comes back or an orderly shutdown can be done. You can (and I think, should) protect the UPS with a surge protector as having the UPS die protecting the equipment behind it is good, but having the UPS survive is better.
Since you are using your Pi as a VPN, you should also put your network equipment behind a UPS and surge protector as well. Otherwise, you may have a healthy Pi with no way to get to it. The protected network gear should include the cable or DSL modem, router (if separate), and any switches. Surge protection should also be applied to the incoming data line, phone line for DSL or coax for cable. Basically, anything that has an electrical connection outside your house that could take a lightning strike.
The best practice is to shut down and disconnect all electronics and as much electrical equipment as feasible if you are imminently expecting an electrical storm. I realize that's not practical when you're not home. So second best, if you live where there are such storms are a fairly regular basis, is to use surge protectors pretty much everywhere and UPSes for anything that needs to stay up or must be shut down in an orderly fashion.
I don't live where we get very many electrical storms, and ground strikes are pretty rare, but because computers and related equipement lasts longer when not subject to power surges from any cause, there are 4 UPSes in the room I'm in right now. One for my wife's PC, the Pi that acts as our alarm clock and it's speakers, 2 covering my PCs (yes, that's a plural), Pis, modem/router, switch and KVM switches. And 1 for the Pi my grandson uses. Each of them is behind a surge protector.