So if you use those gateways, you cant setup your gateway line to both serve internet as well as for some occurances (the local ip's) via a tunnel! especially not via a vpn module that is intended not to interconnect gateways but to serve clients with a zentyal gateway provided VPN tunnel. So you mingle that, you mingle zentyal interconnection and management with regular user management as it is coupled to VPN module. Wouldn't do that.
So for to be sure, this is the situation you want?;
Clients A - Zentyal A - Internet A
Clients B - Zentyal B - Internet B
Zentyal A interconnected via Internet A to Zentyal B via internet B via VPN tunnel to provide Clients A + B with one seamless internal LAN?
If that is the case, I'd suggest just setting up zentyal as you normally would, providing their clients. without even considering the vpn tunnel to interconnect both zentyals, I'd save that for last.
Then I need to state that I don't use zentyal dashboard for this solution, if you NEED/DEMAND your interconnection be done via Zentyal, I thik its not possible at least not in non commercial edition, since I don't see any VPN probability via gateway / iinterface definition pages. The VPN module, again is not to serve as client, it is to serve clients with its SERVER capacity, yes it can serve to public interface, No it is not setup, preconfigured or doesn't seem at all to provide gateway interconnectivy, at least not in the non commercial zentyal edition. The suggestion below is how I'd try to solve this;
Assign DIFFERENT LAN (internal) IP in SAME subnet to both gateways.
Assign DIFFERENT LAN (internal) ranges to provide for each DHCPD setup you have running, so clashes after interconnect are prevented.
make sure each DHCPD can only serve internally and is taken from the interconnection, using static IP's p.e. and firewall rules may help. To prevent clashes.
Assign roles, who is to serve the VPN and who is to client, or both if you want two lines open. Then setup and use these connections manually from the command line, as if you're not a zentyal gateway and just setting up VPN via ubuntu. use rc.local and cron to check up, create and maintain these connection so it's automated.
Then assign DIFFERENT internal IPS to successful VPN tunnels. You could bridge/route/bind them to static IP aliases on top of your internal interface, so you would only need to allow VPN communication between both Zentyals within firewall tab within dashboard, the rest will operate on top of your internal interface and is therefor already managed by its rules. Just keep DHCP, NTP such things out of there, keep that local and make sure its served only local by say use network objects to associate ip ranges to block services via firewall tab.
In short, I'd make sure both Zentyals wouldn't clash at point of adressing and such in one physical LAN, then I'd set both to serve as normally, then I'd EXTERNALLY via command line setup interconnection over its gateway channel (internet interface) and bind that to internal or something, automate /ensure via rc.local ((re)boot) and crontab (continuety while running).
Oh and never forget about DHCP on internet line. How are you setup/ maintain VPN interconnectivity if both outside IP are dynamic? Use dyndns or some ping script solution.