SEP12.1 runs a cut down version called the LiveUpdate Engine, and is no longer a separate piece of software bundled with SEP, but is now a wholly SEP managed component.
As such, the options for the LUE are now managed from within the SEP LU Policy, where you can control proxy settings and the like.
By default, the SEP12.1 LU policy tells the LUE to use "...my Windows Internet Options proxy settings (default)", which means it's going through the user's proxy.
If your VPN software allow split tunneling, you might want to consider setting this to "I do not want to use a preoxy server..." so that it goes direct? If not, then you may wish to check out your proxy server to see if it is caching content and disable the caching to see if this helps the clients update.