To grasp the concept of virtual privacy, you have to understand the character of conventional private networks. The opposite of VPNs are good, old circuit-switched dedicated private networks based on a number of dedicated leased lines (DLLs). VPNs commonly are deployed on a shared public infrastructure across "untrusted territory" beyond Open System Inteconnection (OSI) Layer 1 and use point-to-point or point-to-multipoint concepts such as virtual circuits, either switched or permanent, or "cloudlike" any-to-any connectivity, as with MPLS network edge architectures and MPLS Border Gateway Protocol (BGP) VPNs. Several virtual links constitute a virtual network that accomplishes privacy at arbitrary layers of the OSI stack. Although a common misperception, VPNs do not necessarily require encryption and authentication to achieve some level of privacy.
Note that a network of virtual links constitutes a VPN and that a tunnel carries out three basic tasks:
It provides a virtual link.
It provides data encryption; that is, it transmits the data in a secret code.
It provides remote-end authentication; that is, it guarantees who is doing the sending and receiving.