I'm making sense of how to implement the VPN Enforcement feature and would like to hear from others who have set it up.

The way I understand it to work is this...

User connects to the internet (eg with a laptop using a 3G card). Once it detects the internet connection, it switches to the Location specified in the "Switch To" setting on the VPN Enforcement page.

And I have it prompting to connect to the VPN client at this point.

What is puzzling me is... what's the point?

It doesn't seem to make a difference whether the user connects to the VPN or not. The Location in the Switch To setting can have certain restrictions but once connected to the VPN, the Location doesn't change. So, before or after connection to the VPN the same restrictions are in place.

Perhaps I'm missing something in the way this is meant to work.

How has anyone else set this up?

Ideally what I want to happen is....

User connects to the internet - so has enough restrictions (or un-restrictions) to allow this. This would include connecting at an airport or hotel where you connect via a web page. Usually this would be with a 3G modem

then the user is forced to connect to their VPN (in our case we have a dongle and log in. So, I can cause the login screen to appear on VPN switching)

Only allow internet access as long as the VPN is connected. And block access if it is not.

Any thoughts are happily received, thanks