Are there any big security risks for opening ports 1433 and 1434 to VPN Only?

So my organization is using VPN and Remote Desktop (RDP) for telecommuting. Due to some internal issues it has been requested of our Network staff to open ports 1433 and 1434 (SQL Server ports) to VPN traffic only so that local windows apps and SSMS can access SQL Server directly without RDP. So this is not opening up to public. My question is, is this a big security risk to open those ports to the VPN traffic? It is being debated in our organization now. I don't think it would be a big risk because a hacker would need to gain VPN access and then get AD credentials or service account credentials to access the actual SQL Server. I believe those two layers of security make this low risk not high. Additionally, we recently updated all AD passwords to require more characters (15), special char, numeric, upper, lower.