this was my own vpn setup to keep secure network between my server and my laptop/workstation. But it also easied task to connect to my laptop... So I kept traffic encrypted over network but opened a door to somebody who pwned server.

no, there is nothing in init.d. I am checking ssh keys and grep'ing disc image in hope to find something suspicious.