Notes:
You can automate the ssh chaining in your "vpn"
script of course.
By default OpenSSH will not allow X connections from
any machine beside the one you ssh'd into. The X
cookie files is in /tmp on that machine so not available
via NFS. These can be modified, but requires sysadmin
cooperation at the work site. SSH classic is user
friendly, but less secure in its X redir defaults.
The "-encoding hextile" was mentioned earlier on
slide 12. Maybe hextile isn't optimal, just use anything
besides "raw" (default for localhost)