Can I do 'this' with VPN - maybe with DH?

A client wants to setup a VPN where they connect to a DH or other box, and from there they can securely visit any website, whether it’s internet, their intranet, or of course sites on their DH server. It’s a matter of simple security. They want to be able to use any site, they just don’t want their data on the wire, in the open, at least not from the end-user to the server.

We understand that a non SSL query made from any client to any remote web server will be in the open. But we want that on the back-end. My client wants to use the internet from any location without concern for the adequacy of local WiFi security. They don’t want any local packet sniffers to see the domains they’re visiting, query strings, or any return payload details.

So the question is whether DH can participate in this, where we use VPS or a shared domain, company employees VPN into DH via or whatever, and from there DH will proxy all requests.

I understand we can’t host OpenSwan or OpenVPN at DH. An extension of this might be to include caching : For example, if there are 5 employees going to the same site, maybe we can inject a Squid proxy to improve performance. Of course we can’t put Squid on a shared host but I believe it would work on VPS, no?

I can elaborate if required, I just want to open the discussion and see where it needs to go. Even if we can’t host all of this at DH, I’m looking for suggestions on how and where to do this. I’m sure my client will commission the right talent for more in-depth information and assistance.

Update - am I looking for Tunneling?
Can DH SSH proxy HTTP and other requests?