My favorite SSH trick is to have a machine at work SSH back to my home domain, and provide a tunnel back for Remote Desktop or what have you.
Wee, no VPN to deal with. No lack of a VPN for remote access to deal with.
Do be careful doing this, if your company cares, a competent network admin can tell what's going on.
You can defeat deep packet inspection by tunneling it over an HTTPS proxy, using the SSH ProxyCommand option and the proxytunnel utility
I worked for an organisation that decided to stop outbound SSH for reasons that weren't adequately well explained, exceptions were painful to get re-applied, so most people just cranked up corkscrew and did precisely this.
Only challenge is that getting corkscrew compiled on Windows is a massive pain.