PPTP over SSH
Since SSH 4.3 you can now connect 2 tunnel endpoints over SSH, the overhead is likely to be quiet a lot however we can cut this down with lesser encryption. This was an alternative proposed by Kevin Page to be used instead of OpenVPN to provide a way to tunnel connections from SOWN[at]HOME nodes back to the SOWN network.
The nodes are already running an SSH server so no further software is required.
OpenVPN is a program which is designed primarily for being a VPN server and not a secure tunnel so may carry extra bloat which could be avoided by building on the minimalistic PPTP over SSH tunnel.
To set-up the tunnel you need to be able to SSH into the remote server as root. Because it is possible to view the contents of the flash on a Meraki it would be possible for a malicious user to gain root access to the VPN server. It is likely that this problem could be worked around however it was decided to use OpenVPN instead as it was able to work out of the box.
The current Debian stable (as of 2007-09-01) does not use Open SSH 4.3.
Here is how to set-up PPTP over SSH
PermitRootLogin yes PermitTunnel yes
On sown[at]home node
ssh -w X:X root@broker ifconfig tunX 10.13.X.254 pointopoint 10.13.X.253 netmask 255.255.255.0
(back to sown[at]home node) ifconfig tunX 10.13.X.253 pointopoint 10.13.X.254 netmask 255.255.255.0 route add -net 10.13.0.0/16 dev tunX
Another good guide is available 
10.13.15.253 is my desktop box inside the ECS firewall, which is accessible from sown.
Although this all sounds like a great idea look which level of access is required to broker :( so not ideal to systems from which users can ssh on their own. Should be fine on the sown[at]home nodes.