Yes. Theoretically it is possible for TPAM to manage passwords over a VPN connection. However, there are several constraints to take into account.
When TPAM attempts to perform a password change or checking, it will assume that the system is on the local network and is available. In order for it to be success over the VPN, the connection will to be configured it such as way as to mimic a local network connection.
This means that all the necessary ports need to be open in both directions, such as 445, or 389 or 22. (This depends on the platform in question.)
The VPN connection will also need to be established at the time when the schedule operation is to be done. TPAM does not have the ability to establish the VPN connection itself.
DNS resolution willl also need to work between the remote computer and the TPAM inside the internal network.
There may be other considerations as well, depending on your network configuration.