So I don't forget. On Leopard, there's a VPN setting called "Send all traffic over VPN connection." In theory, unchecking this box will make only connections to VPN-related IP addresses go over the VPN. This doesn't always work. The reason was explained by "Frank" in a comment on this post:
On Leopard there is a checkbox which enables or disables setting of the default route via the VPN. It is in the advanced settings and called something like "Send all traffic through the VPN". HOWEVER, this only works if the order of the network configurations ("Ethernet", "AirPort", "Firewire", ...) is so that your VPN comes AFTER the interface you're connected to the internet. You can change the order by clicking on the little cog icon next to the +/- icons.
If your VPN comes before the Ethernet or AirPort then the default route will always be set to the VPN regardless of whether you ticked that little checkbox.
:) But wait - there is more.
For each VPN connection you can configure DNS servers. Those are only configured in the /etc/resolv.conf when the VPN connection is sorted above the Ethernet and not below.
So the net result is: You can have VPN with properly configured DNS servers but the default route will always be the VPN
OR
you have the VPN without the default route via the VPN but also no DNS.
This makes perfect sense... but it's not entirely intuitive in the OSX dialog.
By the way, if you happen to still be on Tiger, the above-referenced post itself provides the script-centric method to get the same effect on Tiger.
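A check for which of the two states described in the comment a machine is in, as an added example that is not from the original post or from Frank's comment. It assumes the output layouts of `networksetup -listnetworkserviceorder` and `route -n get default` shown in the constructed samples; the service name "Work VPN" and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `networksetup -listnetworkserviceorder` output;
# "Work VPN" is a hypothetical service name.
ORDER_SAMPLE='An asterisk (*) denotes that a network service is disabled.
(1) Work VPN
(Hardware Port: PPTP, Device: )

(2) Ethernet
(Hardware Port: Ethernet, Device: en0)'

# Constructed sample of `route -n get default` output.
ROUTE_SAMPLE='   route to: default
destination: default
    gateway: 10.8.0.1
  interface: ppp0'

# Print the 1-based position of service $1 in the listing read from stdin.
service_rank() {
    awk -v name="$1" '/^\([0-9]+\) / {
        rank = $1; gsub(/[()]/, "", rank)
        svc = $0; sub(/^\([0-9]+\) /, "", svc)
        if (svc == name) { print rank; exit }
    }'
}

# Print the interface that carries the default route (stdin: route output).
default_iface() {
    awk '$1 == "interface:" { print $2; exit }'
}

# Apply the ordering rule from the comment.
# $1 = VPN service, $2 = internet-facing service, $3 = listing text.
predict() {
    vpn=$(printf '%s\n' "$3" | service_rank "$1")
    phy=$(printf '%s\n' "$3" | service_rank "$2")
    if [ -z "$vpn" ] || [ -z "$phy" ]; then
        echo "unknown"
    elif [ "$vpn" -lt "$phy" ]; then
        echo "vpn-route-forced+vpn-dns"
    else
        echo "checkbox-honoured+no-vpn-dns"
    fi
}

echo "predicted: $(predict 'Work VPN' 'Ethernet' "$ORDER_SAMPLE")"
echo "default route via: $(printf '%s\n' "$ROUTE_SAMPLE" | default_iface)"
```

On a real machine, pass the live output of the two commands instead of the samples and compare the predicted state with the interface the default route actually uses.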