VPN Pivoting is one of the best but also most elusive features in Metasploit Pro, so the best way is to see it. That's why I've decided to post a snippet of a recent webinar, where HD Moore shows this feature in action.
VPN pivoting enables users to route any network traffic through an exploited host with two NICs to a different network. For example, you could run nmap, Metasploit network discovery, or Nexpose vulnerability scans through the VPN pivot. Using a TUN/TAP adaptor on the Metasploit Pro machine, the exploited host shows no trace of a new network adapter. This enables you to get full access to a local network after having exploited a single machine, e.g. after a social engineering attack. Here's the video:
Note: This video is an excerpt from the webinar about Metasploit 4.1 entitled “What's new with Metasploit? HD Moore's personal tour of the next product version”. To view a recording of this webinar, please visit this page.