>>Well it depends. If I wanted my friend to be able to surf whatever webpages he wanted at work by bypassing their firewall, or a friend overseas who wanted to get around their government restrictions - sure. If I was a system admin and didn't want my employees screwing around all day on unapproved websites or a dictator of a repressive communist country then I would not.
>
>Ok, so internally, that software uses alternative routes (protocol) to go outside so users can bypass the local firewall and do whatever they want.

For the most part yes. Generally VPN's don't really 'bypass' the firewalls - they 'tunnel' though firewalls. The VPN client creates a connection to a VPN server somewhere else. The important part is that it then also alters your routing tables, which generally results in the fact that the IP layer now routes all or some of your outgoing traffic into the VPN client instead of directly out the interface. The VPN client then wraps the entire IP datagram into another TCP packet (and at this precise moment the original packet becomes effectively invisible to the IP layer), and this packet is now sent to the VPN server (which unwraps it and then passes it on). The net effect of this is that of a "tunnel". Firewall and routing rules which would ordinarily apply to a packet are "bypassed" by pushing the packet through the VPN connection. Which also means that if the VPN tunnel handles ALL your outgoing traffic.