It sounds like the vpn and/or the firewall are interfering with the sync process. It's possible you'll be able to configure it in a way that doesn't, but keep in mind that the Bonjour sync defaults to using secure (encrypted) http.

In other words, it's already as secure as all the traffic that goes between your Mac and your bank when you log into their online banking system, or when you make a purchase on Amazon/eBay/etsy. (With the additional benefit of the traffic not going any farther than the WiFi radios on the devices installed can reach.)

Layering the VPN on top of that sounds like a lot of work for a little bit of additional benefit...