Does using a VPN protect against KRACK?
A (properly configured, secured protocol) VPN connection will not protect you from being "forced" to join the malicious access point, but it will prevent your communications from being eavesdropped on. The same is true for properly configured SSL / TLS.
The attacker in the KRACK attack sets up a malicious access point, which your device connects to as part of the attack (note that your device must have already connected to this device and trust it). Because your VPN tunnel encrypts communications between your device and the tunnel end point, while you may have fallen victim to joining a malicious access point all communications through that tunnel would not be susceptible to MITM attacks.