VPN helps to protect the requestor to go through a resource without letting the requested entity know who the requestor is.
Let’s say there is an SSL connection to google.com and we search something
- Translates to GET request – > www.google.com/q=search (Layer 7)
- Layer 4 – [ SourcePort – 123 ][ www.google.com/q=search – Body ][ Destination Port – 443]
- Layer 3 – [Source IP]  [ www.google.com/q=search ][ 443][Destination IP]
- This entire layer 3 packet is encrypted and sent to VPN
Layer 3 – [Source IP]  [ encrypted packet ][ 443 ][VPN IP]
- VPN receives and decrypts the packet and forms a new layer 3 packet
Layer 3 – [VPN IP]  [ www.google.com/q=search ][ 443 ][Destination IP]
- Later google receives it and responds back to VPN. This means that Google only gets to know the requestor was VPN.