How it Works: To use the VPN, the remote user’s workstation must have the VPN client software installed. A firewall sits between a remote user’s workstation or client and the host network or server. When a connection to the corporate network is attempted, the VPN client software first connects to the VPN server by means of a tunneling protocol. After the remote computer has been successfully authenticated, a secure connection (secret tunnel) is formed between it and the VPN server: all subsequent data exchanged through this tunnel is encrypted at the sending end and correspondingly decrypted at the receiving end. As such, the network tunnel between them, even though established through the untrusted Internet, is still considered secure enough that the remote computer can be trusted by local computers on the corporate LAN.
In short:
You connect to the Internet through your ISP. The VPN client software on your computer initiates a connection with the VPN server. The VPN server encrypts the data on the connection so it cannot be read by others while it is in transit. The VPN server decrypts the data and passes it on to other servers and resources.
For better security, many VPN client programs can be configured to require that all IP traffic pass through the tunnel while the VPN is active. From the user’s standpoint, this means that while the VPN client is active, all access outside their employer’s secure network must pass through the same firewall as it would if the user were physically connected to the office Ethernet. This reduces the risk that an attacker might gain access to the secured network.
Such security is important because other computers local to the network on which the client computer is operating may not be fully trusted. Even with a home network that is protected from the outside Internet by a firewall, people who share a home may be simultaneously working for different employers over their respective VPN connections from the shared home network. Each employer would therefore want to ensure their proprietary data is kept secure, even if another computer in the local network gets infected with malware. And if a travelling employee uses a VPN client from a Wi-Fi access point in a public place, such security is even more important. However, the use of IPX/SPX is one way users might still be able to access local resources.
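An added example, not part of the original text: one way to check on a Linux client that the "all IP traffic through the tunnel" setting described above is really in effect, by auditing `ip -4 route show` output for routes that win over the tunnel under longest-prefix matching. The interface names tun0 and wlan0, the addresses and both routing tables are constructed assumptions; only IPv4 routes are examined, so non-IP protocols such as IPX/SPX are out of scope.

```python
import ipaddress

# Constructed samples of `ip -4 route show` output (documentation/private addresses).
FULL_TUNNEL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.0.0.0/8 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Return (network, device) pairs for every route line that names a device."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        routes.append((net, tok[tok.index("dev") + 1]))
    return routes

def bypass_routes(route_text, tunnel_dev, vpn_server):
    """List routes that still carry traffic outside the tunnel.

    A non-tunnel route is harmless only if it is the host route to the VPN
    server itself, or if more specific tunnel routes cover it completely.
    Equal-prefix ties (decided by metric) are conservatively reported.
    """
    routes = parse_routes(route_text)
    tunnel = [n for n, dev in routes if dev == tunnel_dev]
    server = ipaddress.ip_network(vpn_server)
    leaks = []
    for net, dev in routes:
        if dev == tunnel_dev or net == server:
            continue
        shadow = [t for t in tunnel if t.prefixlen > net.prefixlen and t.subnet_of(net)]
        if net not in ipaddress.collapse_addresses(shadow):
            leaks.append((str(net), dev))
    return leaks
```

In the first table the physical default route is fully shadowed by the two /1 tunnel routes, yet the local subnet is still reachable directly, which is the shared-LAN exposure discussed above. Clients that enforce a strict full tunnel usually close it with firewall rules rather than routes alone.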