How VPN Clients Get IP Addresses from VPN Routers

I'd like to know the nitty gritty details of how VPN Remote Clients are given Private IP Addresses on a Remote Network when they connect to the StrongSWAN or OpenVPN VPN Server that's embedded in VyOS Routers, as well as how Virtual IP Address Pools fit in the process.

In the past, I just assumed that VPN Servers built into Routers established a virtual tunnel exit point as a point of entry for remote clients to connect to a remote network, and pointed the remote clients to DHCP Servers that existed on the Remote LAN, but then I started noticing that Several VPN Solutions mention something called Virtual IP Address Pools ("VIPAPs"), which made me question if there's more going on then I'd previously thought.

• What exactly are "VIPAPs" why do they exist? What purpose do they serve?
• Are "VIPAPs" separate from DHCP? (which also has a pool of reserved addresses)
• Are "VIPAPs" dynamically generated based on the DHCP pool range?
• If "VIPAPs" have statically set ranges, should they perfectly overlap DHCP range or should they be part of a reserved space outside
  of DHCP pool range?

Here's my Current Understanding:

I believe that in the past you used to have WAN -> Basic Firewall/Router and establish port forwarding of ports associated with VPN connections to a VPN server on the LAN. Such as a OpenVPN Server or StrongSWAN VPN Server. Now adays a mini OpenVPN Server exists on pfSense Firewalls, and a mini StrongSWAN VPN Server exists on VyOS Routers (and if you put these on the edge you don't need to forward ports.)

strongswan.org mentions something about a Virtual IP address pool. Let's pretend we have a 1 ethernet port computer acting as a StrongSWAN VPN Server. My understanding is that by default port forwarding (or DMZ) sort of remaps the WAN IP to the Laptop's private IP so it's accessible from the internet when behind a Firewall/NAT'd Router. And by default, the Server's Ethernet Port has a Private IP address 10.0.0.100, and a Virtual Network Adapter tunnel interface with an IP address in a 3rd subnet that's only used for routing through the virtual tunnel. Then whenever a remote client connects to the VPN Server, the VPN Server attaches a Virtual IP Address to it's Ethernet Port, which represents the client.

How it gets that Virtual IP Address for the client is the part that's confusing me.

Normally when I attach a new computer to my network, it gets an IP from DHCP's DORA process which occurs at layer 2. It gets DNS and subnet info from the O stage of DORA process. A VPN client would be coming into the network at layer 3, and not have a layer 2 presense on the remote network, and thus couldn't use DHCP which operates at layer 2.

Maybe when a client connects to a VPN Server, the VPN server makes a virtual network interface on the VPN Server to give the client a Layer 2 presence on the remote network, and the VPN Server initiates DHCP DORA process by proxy on behalf of the remote client, and then the DHCP server on the remote network assigns an IP address with DNS info to a virtual network interface that exists on the VPN Server and this virtual network interface represents the remote client? (Not saying it works like that, just saying I'm trying to visualize how it might work.)

But if it's that simple then why does something called Virtual IP Address Pool exist? Or am I getting my concepts mixed up and VIPAPs have nothing to do with remote DHCP resolution?