|The hvac folks aren't explaining themselves very well.|
They are talking about a public ip which when assigned would allow them access without going thru a router [kind of].
A vpn would be to your network and you don't want that.
From what you describe you will need to assign the hvac system a ip address in your lan's ip range. That is step1
Step 2 is you then have to modify your dhcp scope in the router to exclude this ip addess so there isn't a ip conflict.
Step 3 is to forward, whatever port or ports the hvac system is using, to that assigned ip address.
They would access the hvac system by putting in the ip address of your wan port of your router.
The real trick now is most people have dhcp for wan ip which means it changes periodically. They will have to call you and have you go to somewhere like ipchicken.com so you can tell them what the current wan ip address is.
Sounds complicated doesn't it? That is why most just make you put in a phone line and connect to the hvac system that way.
Answers are only as good as the information you provide.
How to properly post a question: