(Presumably your users have already logged in via the VPN?)
The redirect_uri should be the URL that your users will see in the address bar in their browser.
Google's servers don't connect to it directly, so (like "localhost") it's fine that it's not internet accessible, but the user will be redirected to this URI after a successful login/authorization, so they will need to be able to connect to this URL from their browser - presumably though they already started on this same site before being redirected to the Google login/authorization pages (which in turn redirect back once done).