They don't explicitly block it in my org, but connecting to VPN while it's running breaks the networking inside WSL.

Sometimes it is routed from the VPN, sometimes it is DNS, sometimes it just needs a restart. I'm not sure if that situation has improved. There were some workarounds at one point.