Getting connected to my work VPN was trivial once I was pointed in the right direction of which packages to use. Unfortunately, a snag was that I needed to Remote Desktop to my Windows workstation, but the work firewall was not up to date. It was blocking me.
I could, however, ssh to our Linux development server, so surely there was a way to use it as a proxy between my home PC and my work PC?
The solution: socat.
Easily compiled, establishing an appropriate tunnel was just a matter of invoking:
socat TCP4-LISTEN:5000 TCP4:my-work-pc.somewhere.net:3389
Pointing my Remote Desktop client to that server, on port 5000, meant that the traffic ultimately ended up at the correct place. Perfect.
Caveats here: This sort of tunnel is not encrypted. In this instance, no problem, as the Internet portion is still going over the secured VPN, and the work network itself is considered trusted. RDP traffic is encrypted.