Some of us are subject to regulatory compliance and/or PCI-DSS. Accessing anything on my internal network from outside without two-factor authentication that is logged is a sure way to fail many kinds of external audits.
Requiring the use of a VPN defines the single point of entry into your network. That's one point to monitor, secure, and administrate; not one for every server you want access to over the public Internet.
If you're trying to remote into a company LAN or VNC things then your main block is company IT policy rather than Linux capabilities
Your main block for remote access to a company's internal network is more likely to be the vendor's operating system support, not company IT policy. The two VPNs I manage both support Windows, Macs, and Linux with (mostly) the same code. Unfortuantely that means it's Java based, and it has been very problematic because of that. On people's personal Linux installs, a combination of not following instructions and the version of Java they're running virtually guarantees that it won't work for them the first few times, if ever. In the case of Apple, every time they touch something in Safari or Java it screws up the applet in some way, requiring a reinstall of the program or waiting on a client patch for the VPN. The Windows version certainly isn't perfect either, but the issues there are known and easily fixable.
Remember to say hello to your bank teller.