4 VPN and VMs

How can multiple concurrent VMs (virtual machines) make use of a VPN?

First, let us consider what happens when two VPN interfaces are configured with the IP addresses 192.168.71.2/255.255.255.0 and 192.168.71.3/255.255.255.0. This configuration puts the two interfaces in the same subnet. As a result, if any traffic from 192.168.71.2 is directed to 192.168.71.3, the operating system sees the destination as being on a directly attached subnet and knows how to deliver it.

If we attach the NIC of VM1 (virtual machine one) to the TUN/TAP interface 192.168.71.2, and the NIC of VM2 (virtual machine two) to the TUN/TAP interface 192.168.71.3, then VM1 and VM2 are connected via the host operating system!

Even better, both TUN/TAP interfaces (on the host operating system side) can be configured to use an actual NIC as a gateway. This is done by configuring the OpenVPN server to bridge to a physical NIC.
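
The same-subnet reasoning above can be checked from the address and netmask alone, before any VM is started. The following Python sketch is an added example, not part of the original text; it classifies each direction between two endpoints as direct, via a gateway, or unreachable. The function names and the gateway address 192.168.71.1 are assumptions.

```python
import ipaddress


def next_hop(src_cidr, dst, gateway=None):
    """Classify how a sender configured as src_cidr (address/netmask) reaches dst."""
    src = ipaddress.ip_interface(src_cidr)
    dst = ipaddress.ip_address(str(dst))
    if dst == src.ip:
        return "local"
    if dst in src.network:
        return "on-link"  # same subnet: delivered directly, no router involved
    if gateway is not None:
        gw = ipaddress.ip_address(str(gateway))
        # A gateway is only usable if it sits on the sender's own subnet.
        if gw in src.network and gw != src.ip:
            return f"via {gw}"
    return "unreachable"


def check_pair(a_cidr, b_cidr, gateway=None):
    """Evaluate both directions; direct VM-to-VM traffic needs on-link both ways."""
    a = ipaddress.ip_interface(a_cidr)
    b = ipaddress.ip_interface(b_cidr)
    return {
        "a_to_b": next_hop(a_cidr, b.ip, gateway),
        "b_to_a": next_hop(b_cidr, a.ip, gateway),
    }


if __name__ == "__main__":
    vm1 = "192.168.71.2/255.255.255.0"  # from the text
    vm2 = "192.168.71.3/255.255.255.0"  # from the text
    gw = "192.168.71.1"                 # constructed gateway address (assumption)

    print("as configured:", check_pair(vm1, vm2, gw))
    # Constructed mistake: a /32 netmask on one side breaks only one direction.
    print("vm2 with /32: ", check_pair(vm1, "192.168.71.3/255.255.255.255", gw))
    # Constructed off-subnet destination: leaves through the gateway.
    print("off-subnet:   ", next_hop(vm1, "192.168.72.3", gw))
```

A netmask mismatch is worth checking in both directions, because one side can still consider the peer on-link while the other does not.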