SSH VPN tunnel without having to enable root
Solution 1:
Normally on most distributions of Linux you can't bind to ports lower than 1024 without privileges.
It may however be that what you want to do can be achieved a different way. For example, if you are a web developer trying to work remotely you may want to use a Dynamic tunnel in Putty as a SOCKs proxy to have your browser requests come out at the destination server's end. Also any local port forwarding done with an SSH tunnel is reliant on permissions at the connecting user's end, not the server end. The only time permissions becomes an issue is when doing a Remote tunnel.
If you want to fully VPN over SSH, some customisation will be required at both ends. See this guide for quite a thorough walk through. That guide describes the process with a Linux remote user connecting to a Linux server. The process is not as simple (I don't even know how you'd do it nicely!) if the remote user is running Windows.
Solution 2:
A variation of that question would be: Can you lock down an ssh VPN over the root account so that the tun* devices can be setup but nothing else can be done? (shell, file transfer, port fwd, etc.)
This list of security options for sshd, etc may help figure this out: https://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding