Didn't catch that.
Anyway, OpenVPN "users" are not like Linux "users". They're special accounts with keys that only work through OpenVPN. An OpenVPN client doesn't have a Linux account that they can log into, and vice versa, unless you specifically create both accounts for them.
As for an ssh proxy, just run this:
ssh -f -C -ND9999 user@host
google-chrome --proxy-server="socks://localhost:9999" http://whatismyip.com
That command will automatically open whatismyip.com, which is useful so you can compare the IP to your system's normal public IP, to confirm that the traffic through that web browser is actually going through the tunnel.
Your friends can do the same with their own accounts. You don't even need real accounts with shell access on the host, a jailkit account with no shell access can still use it for ssh proxy tunneling. You can do it on Windows systems too through Cygwin, the syntax is almost identical. Make a script to run it and then put it in a shortcut, and they can run the shortcut just like they can any other, to create the tunnel and open chrome automatically, provided the necessary ssh keys are set up to allow authentication without a password.
I do this when I'm on the road all the time. My home server is in the US, and when I'm out of the country I just tunnel home and watch Netflix with normal privileges.
The nice thing about doing it this way is ONLY the traffic through that one web browser will go through the tunnel. Everything else works normally through the user's normal internet connection. So it doesn't screw up local shares, printers, etc. like a VPN does. And you don't need to worry about subnet conflicts.