Veracrypt is good, free and open source. If you are serious about this you really should encrypt the whole OS installation, because chunks of sensitive data can end up in e.g. the swap file or temp files outside of the encrypted area otherwise. Veracrypt can do this as well, and at startup, you are prompted to enter the password before booting. If you feel that it takes too long to unlock, the solution is to lower the PIM iterations count. This will decrease security somewhat, but if you are up against a truly skilled/coercive adversary like a government, you're screwed anyway. It will definitely protect you from the average thief even with a lower PIM.
And yes, you can change the password/PIM without needing to re-encrypt the thing. This works by using a layer of abstraction. It generates a strong key to encrypt the data, and then it encrypts that key with the password of your choice. So if you change the password, they just re-encrypt the key without needing to generate a new key and it will still unlock the same volume as before.
Edited by kano, 30 March 2018 - 12:28 PM.