You've learned how VPNs create encrypted tunnels across untrusted networks. Site-to-site VPNs connect offices permanently. Remote access VPNs let individual users connect securely.
IPsec uses phases. Phase builds a management channel. Phase negotiates data encryption. Security Associations define the keys and algorithms for each direction.
SSL/TLS VPNs traverse firewalls easily using port . Hub-and-spoke topologies simplify management. Full mesh provides direct paths but scales poorly. DMVPN offers on-demand direct tunnels.