I've seen it done before where it was fully transparent to both networks. This required the tunnel to be setup on the default gateway for both networks. Again, as mentioned before and you agreed too, this is not a solution I would ever want to see in production for a company I was at.
> which imho obviates OP's claim of SSH 'simplicity'/'ubiquity'
Which I agree, it isn't simple, but I was replying to someone saying it wasn't possible, not that it is easy to do.