What you should consider is configuring vpn split tunnelling to allow Microsoft urls to directly go over internet and intranet traffic to go via vpn. Make sure to include the cmg and blog storage urls in the split tunnelling configuration. Obviously your VPN needs to support this. Preferably URLs over IPs. See if you can find the list or else let me know and I can share it over here.
Once done, adjust or create boundary group in ConfigMgr for VPN subnets and add CMG as the resource.