Reliable outbound SSH tunnel through a restrictive proxy. Read more: http://post.ly/k4O9

build-tunnel.sh

#!/bin/bash
echo
date
echo "----------------------------"
if ssh -O check tunnel@vpn.example.com; then
	echo "Tunnel's up."
else
	echo "Starting up tunnel..."
	if ssh -R 2222:localhost:22 tunnel@vpn.example.com -f 'sleep 3300'; then	
		echo "Seems good."
	else
		echo "Didn't come up."
	fi
fi
echo

ssh-config

ControlPath	/tmp/ssh-%r-at-%h-%p.ctl
ControlMaster	auto


Host vpn.example.com
  DynamicForward 1080
  # Through 2 proxies
  #ProxyCommand ~/proxytunnel-1.9.0/proxytunnel -v -p localhost:8888 -r www.example.com:443 -d %h:%p -H "User-Agent: ozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
  # Through 1 proxy
  ProxyCommand ~/proxytunnel-1.9.0/proxytunnel -v -p www.exmaple.com:80 -d %h:%p -H "User-Agent: ozilla/4.0 (compatible; MSIE 6.0; Win32)\n"
  ServerAliveInterval 30

vhost.conf

<VirtualHost 10.0.0.17>
        DocumentRoot /var/www/localhost/htdocs
        Customlog vpn.example.com-access.log combined
        ErrorLog vpn.example.com-error.log
        HostnameLookups On

        ProxyRequests on
        AllowCONNECT 22 2022
        ProxyVia on

        ### Deny everything by default
        <Proxy *>
                Order deny,allow
                Deny from all
        </proxy>

#       <Proxy 123.45.67.89>
#       <Proxy machine.example.com>
#       <ProxyMatch .*\.example\.com>
        <ProxyMatch (vpn|router)\.example\.com>
                Order allow,deny
                Allow from all
#                Deny from all
#
#                ### External (customer) sites allowed to connect
#                Allow from customer1.example.net
#                Allow from customer2.example.org
        </ProxyMatch>
</VirtualHost>