Everything can be done outside of a specific distribution.... most distro's will even include the needed tools.
I've already done most of it (with the exception of a login page) That really just sounds like it could be implemented with a CGI script that kicks in an ipfilter script to allow that address access to the external network. So by default, your routing everything on port 80 to your local server and changing that rule once someone clicks a button.
Traffic monitoring is simply done via ipfilter rule sets and your flavor of graph generation. Probably by now someone has already rolled a utility to handle this (I had to do mine by myself some time ago
For failure detection, you simple implement some monitoring for the ip addresses. MIDAS is probably over kill for this, but it does a good bit of stuff. Instead, if NetSaint is still under active development you can give it a whirl. (be prepared to get your hands dirty as the last time I looked at it there was no gui installed).
Instead of VPN, you could simply use SSH tunneling and a simple utility to redirect needed ports. (Just some web based monitoring should do and all that entails is port 80) SSH will give you more flexibility if you need more ports or maybe just https available to a specific IP range.
Everything else is just simple reports and the medium is not difficult.
You are just going to be pooling a little bit of knowledge from here and there.
But as far as I understand, there is no distribution which does exactly what you are asking for.
I might be wrong....