Essentially, you outsource the blocking to your VPN server in that scenario. You can have a blocklist of advertisers, trackers, or bad-behaviour like SSH/HTTPS scans, etc. You would generally download a list of misbehaving netblocks and block them on your firewall, then download a list of known-bad domain names, and block them from being resolved by DNS (i.e. just return 127.0.0.1, which is your local device, which always fails)
Essentially, you outsource the blocking to your VPN server in that scenario. You can have a blocklist of advertisers, trackers, or bad-behaviour like SSH/HTTPS scans, etc. You would generally download a list of misbehaving netblocks and block them on your firewall, then download a list of known-bad domain names, and block them from being resolved by DNS (i.e. just return 127.0.0.1, which is your local device, which always fails)