I don't entirely understand why you want to go through an AUG for internal VDI access. If you use regular "direct connect" access, the IP address of internal endpoints is directly visible as an environment variable. So that's covered.
Concerning the clients on the internet: due to them very possibly being NATted, knowing their public IP does not help you, as multiple clients that are behind the same firewall (in a hotel or another company) will all have the same public IP.
And as you said, using the endpoint IP of "internet clients" is not helpful either, as it might overlap with IP ranges of your VDI environment.
What do you need that IP address for then? For external clients, it's virtually impossible to retrieve a really unique IP from them in each and every possible way they access your VDI. So many things you don't have control over.