I think OP means prior to connecting to VPN so you are minimally exposed during the interim VPN setup.
Same technique could work, just more annoying (static route for VPN provider IP to your LAN gateway, and static routes for your trusted DNS provider, then only allow a default route to be established once VPN is connected).
Same technique could work, just more annoying (static route for VPN provider IP to your LAN gateway, and static routes for your trusted DNS provider, then only allow a default route to be established once VPN is connected).