This scenario is a bit complex for this forum to be able to provide you with a solution, but I can point you down possible paths.
your proposed solution will not work.
The problem is how to get the VPN WAN packets onto the PPPoE link.
You can't use bridging because it is PPPoE. And you can't use routing with just the 2 addresses
options are from the information we have:
1. More publically routable addresses on a different subnet that you can route through to the VPN router
2. Give the VPN device a private address and use 1-1 NAT.
3. Don't use the 3rd party VPN device and terminate the VPN's on the ITM device
Hope this helps you down the right path