Just my POV (I manage multiple environments for different customers for multi-user access from remote office or branch office sites with Quickbooks)
1) Do not use a VPN with Quickbooks - While Quickbooks has been around forever, they still use a mixture of SMB (file share), and the Quickbooks Server for datafile access. Intuit highly recommends against using VPN access because it can cause corruption of the datafile. The only time I'd ever use QB over VPN is if I had a symmetrical 100Mbps low-latency connections between both sites with no packet loss and an SLA (even then I wouldn't do it unless the customer commanded me to), and it was a Site-to-Site VPN connection.
*I've been called in to companies that suffered datafile corruption because their existing IT provider set it up over VPN which caused the corruption. When corruption occurs, it can happen slowly over time (without anyone knowing), until that one day where someone modifies or accesses the corrupt record, in which case the datafile will start spitting out crazy errors and simply not function. I've seen cases where a datafile became corrupt 6 months prior, but continued to function, however when we got called in to replace their provider, it turns out they only could go back up to a month with their backups (these cases turned out to be very expensive repair jobs that Intuit had to complete).
2) Typically remote environments for QB on-prem are configured either RDP (for very small environments or low budget environments), or via RDS/TS for larger environments (this is before they hit the point where they need QB enterprise). In a normal business environment you should have a TS Gateway configured for remote access, where users can RDP in to their machines (and run Quickbooks), this way the software client has direct access to the QB Server. Or in larger environments you may have a TS/RDS server.
Site note: If you're using TS/RDS, you can just push the app using RemoteApp. This way it "appears" to be running locally on the remote computer, but is actually running over RDS. Users often have no idea (but do require internet access). This way they don't have to deal with dual desktops.
Edit/Addition: You can do TS/RDS over VPN... You just don't want to have the native QB client accessing the datafile over a slow/lossy connection such as the internet. Main target is to have the QB clients on the same network as the QB server.
Sig was pwned by Moderator!