Hello,
thank you for the staement. When i read your reply i think we have no security problem. The VPN between from us to the client uses only public ip's from our side.
Client My company
IPs => public ip's https
The client wants to connect to our API (world reachable), but he don't trust https only. So he wants https trough a vpn.
Best regards,
Holger