I have to see if I can find a solution to the following: There is a secure network, on the Internet, behind a generic firewall, where my customers operate. I have my own network in which I have servers etc, also secured by a generic firewall between me and the Internet.

I want to be able to set up a temporary VPN from my network to my customer's network, so that I can get into my customer's network interactively and to transfer files and do general support.

OK, No problem, I can use an OpenSSL server on a Linux box on my customer site, and then get into their network in via a browser.

EXCEPT...my customer wants to be the one to initiate the VPN, so the process is like this: Customer on Customer system initiates browser, SSL connects to my server and sets up an SSL VPN. Then, from a system on my network, I have to enter the VPN "backwards" and go to my customer's site down the vpn "pipe" that he initiated.

It's a bit weird...initiated from one end, used from the other....anyone got any ideas or is this a bit impossible???

You would need to use a net-to-net bridge / routing type VPN, rather than client-based VPN.

I have a net-to-net bridge with my office. I can access any computer in the office (as you'd expect with a VPN), but I can do it from any computer in my home network, and any computer in the office can access any computer in my home network.

The VPN connection is maintained by the firewalls at each end, so it's transparent to the clients at each end. I have the connection initiated and started automatically, but you can configure one end to be a listening device, then the other end to initiate it.

I'm doing with using OpenSwan