We use a janky VPN system where every device connects to a mother server on the VPN and sends messages to a port on a Go server. Looking to transition this to a real MQTT broker soon (hopefully before scaling forces us to). We'll probably use AWS IoT rather than brew up our own. I have used Xively in the past as well. For testing I use HBMQTT (Python-based, open source).
Lol, we have all been there. Nothing wrong with running a message broker on a private network, unless you're sending all traffic through a single gateway. The easiest thing to do is probably swap out that Go server for a message broker and keep the VPN.