Thread: https://forums.phpfreaks.com/topic/317060-whats-the-problem-that-tunneling-is-trying-to-solve/

polaryeti, posted July 7, 2023:

Currently in my company, we're using VPN -> then RDP. And inside RDP, we access the remote server. While some servers are directly accessible, some are not. We need to do tunneling for it. I'm failing to understand the point of tunneling. I've read article after article like this (https://www.gaia-gis.it/fossil/virtualpg/wiki?name=port-forwarding), but it's not entering my head. Can't anyone who knows the server IP and has the company VPN tunnel and get access to that server? I know they can, but what's the point of that tunnel? They could've just filtered requests so that those coming via a particular IP, say xx.xx.xx.xx, are allowed and everything else is rejected. What's the point of tunneling? What's the problem that tunneling is trying to solve?
requinix, posted July 7, 2023 (marked as the solution; permalink: https://forums.phpfreaks.com/topic/317060-whats-the-problem-that-tunneling-is-trying-to-solve/#findComment-1610355):

RDP servers are notoriously risk-prone. It's almost always a bad idea to have them open to the internet for anyone to connect to. By "tunneling" through the VPN, the RDP server remains disconnected from the internet, but you can still access it by connecting to the VPN (which is going to be much more secure). Ditto for the remote server. In your case apparently you need two hops, presumably because it's not accessible over the VPN directly, but the point is the same. It's very common to have a database server not connected to the internet, to minimize risk, so to allow access you can VPN or SSH into the network and then tunnel to get a direct database connection.
gizmola, posted July 9, 2023 (permalink: https://forums.phpfreaks.com/topic/317060-whats-the-problem-that-tunneling-is-trying-to-solve/#findComment-1610402):

In addition to what requinix said, consider that private networks are using private "non-routable" IP ranges. Outwards, your router is doing "Network Address Translation" (NAT). When you want to access a particular computer on a particular port that is inside a private network, there is simply no way to do that, because these IP ranges like 10.x.x.x and 192.168.x.x and 172.31.x.x are reserved for private network use. Core routers will never route packets with those IP addresses. A VPN is giving you a private IP on the private network, and intelligently routing traffic meant to go to your intranet. Production networks use the same ideas. As requinix already explained, there are many good reasons to isolate servers inside a private network, and even subnet the private network to isolate groups of computers from each other. Tunneling allows you to use a gateway server for entry into a private network, just as a VPN server does. And you can then hop to another server, and perhaps others if need be, in order to create a secure tunnel that gets you network access to the server you want. Most system administration is enabled by the use of SSH to connect and tunnel through servers to access other servers that otherwise would be unreachable.
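A worked illustration of the two replies above (the non-routable private ranges gizmola describes, and the "SSH into the network, then tunnel to the database" pattern requinix describes). This is an added example and not code from the thread or from any of the posters. It uses OpenSSH's real -J (ProxyJump) and -L (local port forward) options; the host names, user names, addresses and ports (bastion.example.com, gw.internal, 10.0.5.20, 15432) are constructed placeholders, and the script only prints the command rather than running it.

```shell
#!/bin/sh
# Added example, not from the forum thread. Shows (1) why a private address
# cannot be reached from the internet directly and (2) the ssh command that
# builds a two-hop local port forward to reach it anyway.

# is_private_ip ADDR
# Prints "private" if ADDR is in one of the RFC 1918 ranges that core routers
# never forward (10/8, 172.16/12, 192.168/16), otherwise "public".
is_private_ip() {
    # Split the dotted quad into positional parameters without touching IFS.
    set -- $(printf '%s' "$1" | tr '.' ' ')
    result=public
    if [ "$1" = 10 ]; then
        result=private
    elif [ "$1" = 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then
        result=private
    elif [ "$1" = 192 ] && [ "$2" = 168 ]; then
        result=private
    fi
    echo "$result"
}

# build_tunnel_cmd GATEWAY TARGET TARGET_PORT LOCAL_PORT [JUMP_HOST]
# Prints the ssh command that opens a local port forward: a client connecting
# to 127.0.0.1:LOCAL_PORT on this machine is relayed, inside the encrypted SSH
# session, to TARGET:TARGET_PORT as seen from GATEWAY. With JUMP_HOST given,
# the session to GATEWAY is itself made through JUMP_HOST (the second hop).
# -N: no remote shell, forwarding only; ExitOnForwardFailure: fail loudly
# rather than leaving a session open with no tunnel; binding to 127.0.0.1 keeps
# the forwarded port off the workstation's other interfaces.
build_tunnel_cmd() {
    gateway=$1; target=$2; tport=$3; lport=$4; jump=${5:-}
    cmd="ssh -N -o ExitOnForwardFailure=yes"
    if [ -n "$jump" ]; then
        cmd="$cmd -J $jump"
    fi
    cmd="$cmd -L 127.0.0.1:$lport:$target:$tport $gateway"
    echo "$cmd"
}

# Constructed placeholder topology: nothing below is a real host.
DB_HOST=10.0.5.20                   # database server on a private address
GATEWAY=admin@gw.internal           # host inside the private network
BASTION=admin@bastion.example.com   # the only host exposed to the internet

echo "$DB_HOST is $(is_private_ip "$DB_HOST"): not routable from the internet, so a tunnel is needed"
echo "Run:"
build_tunnel_cmd "$GATEWAY" "$DB_HOST" 5432 15432 "$BASTION"
echo "Then in another terminal: psql -h 127.0.0.1 -p 15432"
```

The database never listens on a public address and the bastion only exposes SSH, so the attack surface reachable from the internet is one authenticated SSH port, not RDP or PostgreSQL. Someone who knows the database's 10.x address but has no SSH (or VPN) credentials still cannot reach it, which is the difference between a tunnel and a plain source-IP filter.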