I haven't had a change to test this in the lab thought I throw it at here.
If you set your adsl router as "pass-through"
vpn, then installed the RRAS role in W2K8 server, configured it as VPN with PPTP security protocol, what happen if you connect your VPN client over the public network, which are following occur:
The initial connection is not secure as the VPN client (this could be a notebook) attempts to connect to the router, then the router passes through the traffic to the VPN server then encrypt the traffic once the connection is established between the vpn client and the VPN server
Or, The initial connection is encrypted as soon as it connects to the VPN server via the router router