Correct on the OSPF, I just do it that way (because I'm weird). I have a separe VPN security zone which I'll throw the port/vlan for "Internal VPN" into. That way it's easier to keep adding VPNs in the future and keeping their traffic seperate but equal in case I ever need to lock them down a bit more.
Thanks for the help! I'm almost done implementing the changes and will post all of my configs when I have it working.