It sounds like you are making too many assumptions which are not true and don't have internal consistency. Let's see how things really work before we do anything else.
When a request matches one of the rules you've set up in the Configure WAF page it will be blocked and the user will see the message or page you've set up in Components, Admin Tools, Web Application Firewall, Configure WAF, Customisation, Custom Message. If you have not set up any custom message, Admin Tools will use the language string ADMINTOOLS_BLOCKED_MESSAGE defined in the System - Admin Tools plugin's language file. If the file is missing or corrupt it will fall back to the message "Access Denied".
Admin Tools will store the blocked requests, including their IP addresses, in the Blocked Requests Log as long as the Log blocked requests option is set to Yes (that's the default value).
If an IP address is triggering blocked requests more frequently than your configured frequency then this IP address will be automatically and temporarily blocked. These temporarily blocked IPs appear in the Auto IP Blocking Administration page.
If more blocked requests come from the already temporarily blocked IP address the length of the temporary ban is extended.
Temporarily banned IP addresses are shown the message you have configured in Components, Admin Tools, Web Application Firewall, Configure WAF, Auto-ban, Show this message to blocked IPs.
Every time a temporary ban is effected against an IP it is recorded in the Auto IP Blocking History. If you have enabled Permanently disallow IP after setting in Components, Admin Tools, Web Application Firewall, Configure WAF, Auto-ban and this happens at least equals to the number of times you've configured there (per the Auto IP Blocking Administration page) the IP address will be added to the Site IP Disallow List (not the WAF Deny List as I mistakenly wrote earlier).
If you have enabled the Components, Admin Tools, Web Application Firewall, Configure WAF, Basic Features, Disallow site access to IPs in the IP Disallow List option then any IPs listed in the Site IP Disallow List and any IPs matching the address ranges / net masks / CIDR blocks listed in the Site IP Disallow List will be blocked from accessing your site. These IPs are considered permanently banned and are shown the message you have configured in Components, Admin Tools, Web Application Firewall, Configure WAF, Auto-ban, Show this message to blocked IPs.
These are the only blocking features present in Admin Tools.
Admin Tools does not store any IP geolocation information. Not only have all integrated IP geolocation features been removed since December 2019, even when they did exist they were informational, they were not stored anywhere. They would only be acted upon to block requests only in the context of you applying explicit country or continent blocking, a feature that's been removed as I already said. It would be absolutely nonsensical to have an entire city being blocked if one IP allegedly from that city appeared to be attacking your site, which seems to be what you implied in your previous response. No, we never did that. That would not make any sense whatsoever!
As I already told you, I need you to go to Components, Admin Tools, Web Application Firewall, Unblock an IP, enter the IP address and click on Unblock this IP. This will remove it from ALL of the log and IP blocking areas of Admin Tools.
If that doesn't unblock you, it's possible that your server believes that all requests come from the same IP address (note that this is NOT consistent with you saying that turning off your VPN makes your problem disappear). In this case all of the Blocked Request Log entries would appear to be coming from the same IP address. If this is the case you can the Enable IP Workarounds feature in Admin Tools' Configure WAF, Basic Settings. After doing that you need to use the Unblock this IP yet again.
Based on all of the above, the only thing that would make even remote sense is that you have set Log blocked requests option to No, you have not entered a "Show this message to blocked IPs" message in your Admin Tools configuration, your plugin language is missing or corrupt AND accessing your site through the VPN is triggering one of the WAF rules you've set up in Admin Tools.
You can't troubleshoot with no logging, just by making assumptions. First, you'd need to re-enable logging by setting Log blocked requests option to Yes. Then you'd need to set a "Show this message to blocked IPs" message to something. Access your site with your VPN. You should see your "Show this message to blocked IPs" message .
If you do not see your custom message at this point your problem IS NOT with Admin Tools.
If you DO see the custom message check the Blocked Requests Log. What is the IP, Target URL and Reason listed there?