Sorry, different reference case, did set me on the wrong leg. Didn't see that requirement for OP. Struggling 2 years with connectivity in the French Alps, with geolocated satellites (700ms RTD), long ADSL line (at 1 Mbps), switched till last year to 3 SXT LTE kits with fixed 4G plans (200GB/month at 40€, very cheap plans, but fully congested in the important summer months and was down 3 weeks/month). FTTH was announced for 2021, but I estimate it will be 2023 if it ever comes. 'Unlimited' is the name of the plans, but the fair-use policy cuts the speed down to 256KB/s. Mid last year 1 Starlink dishy replaced all of this (but the 4G is still there for backup and for filling the beta blackouts).
How to tell Mobile devices that a wifi network actually is a "metered" network (4G with expensive volume costs) with MT AP?
Starlink only works in the registered cell, it's not 'mobile'.
Mobile 4G is solved with EU roaming plan, as the home plan includes the international roaming cost for double the subscription value. (Intl EU roaming cost is 3€/GB in 2021.) Most have an already paid for plan of 40€, giving 25GB roaming quota. (They have an 'Unlimited' LTE plan for their own country.)
On the VPN problem, normally it is the VPN client software that selects what goes over the VPN and what is local internet access. The basic VPN software of the devices does not give that possibility, or at least is not to be remotely configured. VPN client software is an important part of the "VPN nomad user" solution. (I used Fortigate for many nomads in many countries. But indeed this required a specific VPN client (Forticlient VPN) to be installed.) Without control on the VPN client, one can only reject all unwanted traffic at the VPN server. Switching VPN on or off was not usable for many applications; they required a combination of HQ services and Internet services.
Depending on the budget and number of sporadic users, one could just give every VPN user a little router, that will do the VPN connection, and be smart to send only the necessary information over the VPN. With a mAP Lite that would be easy. Set up as station & AP, with all the VPN built in. The "station" would connect to any available wifi network, all client devices would connect to the provided AP. Shielded from the host wifi network at will. Ethernet port if needed. Powered by the USB of a laptop, or powerbank, or mains.
Last edited by bpwl
on Thu Jan 27, 2022 12:17 am, edited 1 time in total.
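The per-user router described in the post above, written out as a RouterOS configuration. This is an added example, not the poster's or MikroTik's own configuration. It assumes RouterOS 7 with the classic wireless package and WireGuard as the VPN (the post names no VPN type); every SSID, passphrase, key, address and hostname is a constructed placeholder.

```routeros
# Assumed placeholders: HostWifi, Travel-AP, 192.168.88.0/24 (client LAN),
# 10.10.0.0/16 (HQ subnet), 10.255.255.2 (tunnel address), vpn.example.com.

# "Station" side: wlan1 joins whatever Wi-Fi is available on site.
/interface wireless security-profiles
add name=host mode=dynamic-keys authentication-types=wpa2-psk wpa2-pre-shared-key="HOST-WIFI-PASSPHRASE"
add name=clients mode=dynamic-keys authentication-types=wpa2-psk wpa2-pre-shared-key="TRAVEL-AP-PASSPHRASE"
/interface wireless
set wlan1 mode=station ssid="HostWifi" security-profile=host disabled=no
# "AP" side: a virtual AP on the same radio; it follows the channel of wlan1.
add name=wlan-ap master-interface=wlan1 mode=ap-bridge ssid="Travel-AP" security-profile=clients disabled=no

# Client LAN: the virtual AP plus the Ethernet port, routed (not bridged) to the host Wi-Fi.
/interface bridge add name=bridge-lan
/interface bridge port
add bridge=bridge-lan interface=wlan-ap
add bridge=bridge-lan interface=ether1
/ip address add address=192.168.88.1/24 interface=bridge-lan
/ip pool add name=lan-pool ranges=192.168.88.10-192.168.88.100
/ip dhcp-server add name=lan-dhcp interface=bridge-lan address-pool=lan-pool disabled=no
/ip dhcp-server network add address=192.168.88.0/24 gateway=192.168.88.1 dns-server=192.168.88.1
/ip dns set allow-remote-requests=yes
/ip dhcp-client add interface=wlan1 disabled=no

# VPN built into the router: only the HQ subnet is allowed and routed over the tunnel.
/interface wireguard add name=wg-hq
/interface wireguard peers
add interface=wg-hq public-key="<HQ-PUBLIC-KEY>" endpoint-address=vpn.example.com endpoint-port=13231 allowed-address=10.10.0.0/16 persistent-keepalive=25s
/ip address add address=10.255.255.2/32 interface=wg-hq
/ip route add dst-address=10.10.0.0/16 gateway=wg-hq

# Everything else leaves through the host Wi-Fi; both exits are NATed so neither
# the host network nor HQ needs a route back to 192.168.88.0/24.
/ip firewall nat
add chain=srcnat out-interface=wlan1 action=masquerade
add chain=srcnat out-interface=wg-hq action=masquerade

# Shield the router and its clients from the host Wi-Fi: replies only, nothing unsolicited.
/ip firewall filter
add chain=input connection-state=established,related action=accept
add chain=input in-interface=wlan1 protocol=udp dst-port=68 action=accept comment="DHCP replies for the station"
add chain=input in-interface=wlan1 action=drop
add chain=forward connection-state=established,related action=accept
add chain=forward in-interface=wlan1 action=drop
```

The split between HQ and Internet traffic is decided by the single `/ip route` entry and the peer's `allowed-address`, so it stays under the administrator's control rather than depending on each device's VPN client.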