"A tunnel is a mechanism used to ship a foreign protocol across a network that normally wouldn't support it. Tunneling protocols allow you to use, for example, IP to send another protocol in the "data" portion of the IP datagram. Most tunneling protocols operate at layer 4, which means they are implemented as a protocol that replaces something like TCP or UDP.
"VPN tunnels allow remote clients to tunnel into our network. This supports the previous notion of tunnels being used for "unsupported protocols," even though that may not be apparent. If we VPN into work to gain access to printers or file sharing, it's probably because ports 139 and 445 (the Windows mating ports) are blocked from the outside. They are, in effect, unsupported TCP ports across our border routers. But if we allowed IPSEC or PPTP across the border, to known VPN servers, then everything "just works.""
