From your questions, it is not very clear what you mean.
A LAN range is usually one of these: 10.x.x.x, 172.16.x.x or 192.168.x.x. These IP addresses are private and not routable, so there are no public IP addresses in a LAN range.
Scanning for open VPN services would require you to probe some TCP/UDP ports, which are specific to every VPN type. This can be done with a different application of ours - Network Scanner.
Scanning for open proxies would likewise require you to probe common proxy ports, usually, those are TCP ports. Again, this can be done with the Network Scanner.
Scanning for rogue getaways, assuming you refer to a device configured to route packets, would require sending a specially crafted packet (e.g. TTL = 1, Destination = 126.96.36.199) and analysing the response.
On the whole, what you are asking requires a sound understanding of networking, and you would need advanced tools like Nmap. Unfortunately, that is not something we can further advise on.