Then you'll need to get with your networking/security folks to determine if they allow communication to that port via VPN. What you'll need to determine is what port your SQL Server is listening on. If you have a named instance, you can configure a static port and if you have a need to use Kerberos authentication/delegation, you should. That listens on UDP/1434 and cannot be changed. How clients usually find the right port in the case of a named instance is by talking to the SQL Server Listener Service/SQL Browser.
What that means is should SQL Server discover that the port is in use, it will pick another TCP port. On a named instance, unless configured differently, SQL Server listens on a dynamic TCP port. On a default instance, SQL Server listens on TCP/1433 by default.