Dirt Simple SSL VPN.conf

# provides a ridiculously simple SSL VPN, using a client side certificate. 
# Issuing client side certificates is easy, and there are plenty of
# demos already.
#
# The following files are assumed:
# ca.crt     This is your root certificate (note: NOT the key!)
# apache.crt An SSL certificate for this webserver
# apache.key The SSL key (to go with the SSL certificate)
# ca.crl     The revocation list from your CA (so you can disable access!)
#
# Auth is limited here to checking organisation (well, and that the cert
# is valid, which means it has to be issued by our CA).

<VirtualHost {external IP}:443>
        DocumentRoot /home/patrick/proxy/docs
        ServerName remote.your-domain.net
        ServerAdmin support@your-domain.net
        ErrorLog /home/patrick/proxy/logs/error_log
        TransferLog /home/patrick/proxy/logs/access_log
        SSLEngine on
        SSLCertificateFile /home/patrick/proxy/ssl/apache.crt
        SSLCertificateKeyFile /home/patrick/proxy/ssl/apache.key
        SSLCACertificateFile /home/patrick/proxy/ssl/ca.crt

        SSLVerifyClient require
        SSLOptions +FakeBasicAuth +ExportCertData +StdEnvVars
        CustomLog /home/patrick/proxy/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

        SSLVerifyDepth 1

        SSLCARevocationFile /home/patrick/proxy/ssl/ca.crl

        <Location />
                SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ and %{SSL_CLIENT_S_DN_O} eq "Your Organisation" )
        </Location>

	SSLProxyEngine
	ProxyPass / https://some-internal-server/
	ProxyPassReverse / https://some-internal-server/
</VirtualHost>

Much potential usefulness here