Whoof. That's a big question.
To answer one right away, using session cookies invalidates most caches. You're basically telling the server "This user needs a special version of my site." And as you noticed, Varnish and Geolocation are not good friends. There's nothing built in to Varnish for it, unless you rebuild it with special add-ons (vmods) which we have not yet done.
Now is Cloudflare 'worth' using with DreamPress? It can be. And in your situation, it sounds like it may be. You certainly could try it out to find out, but yeah, not a great situation