By good performance consider ppp tunneled thru
the SSH (or other encrypted) link (see later in the talk).
There is an extra set of ACK's, etc, that have to go
back and forth. Our setup is an efficient redir of
the data flow (because SSH is very good at this).

Not requiring root on the remote end can be crucial
if work-side policy allows only regular user work.
We can still do a heck of a lot with this "VPN"!

How DNS works for a regular VPN seems to be tricky.
Especially if the work DNS does not resolve internet
hosts. We don't have that problem and do not need any
new IP's or routing.

Packet leaking: whoops the packets are routed unencypted
thru the internet trying to get in thru the firewall.
The ssh "VPN" is very restrictive in ports, like a firewall.