is a technology that creates a secure, encrypted connection (“tunnel”) over an untrusted network like the internet
is NOT a single protocol, thus under the OSI model it can operate at the:
- Data Link layer (e.g., IPsec)
- Network layer (e.g., WireGuard, OpenVPN in TUN mode)
- Transport/Session layers (e.g., TLS-based VPNs)

VPN - Use Cases

Host-to-Site VPN (Remote Access)	user connects securely to a company network from anywhere
Site–to–Site VPN Router-to-Router VPN	two networks (e.g., branch offices) securely connect over the internet 2 types of Site-to-Site VPN: Intranet VPN - connects multiple sites of the same company Extranet VPN - connects different organizations (e.g., business partners) securely
Host-to-Host	user connects securely to a device from anywhere (e.g. Tailscale)
Personal VPN	individuals use it to protect privacy and bypass censorship (e.g., NordVPN, ProtonVPN)

VPN - Types

Point-to-Point Tunneling Protocol (PPTP)	an OBSOLETE method for implementing virtual private networks, with many known security issues
IPSec	is a good balance between security and speed. slower but more secure than PPTP e.g. IPSec VPN
TLS	utilizes SSL/TLS for encryption e.g. SSTP
WireGuard	modern e.g. WireGuard, Tailscale, OpenVPN in TUN mode