Just curious: Wouldn't visiting sites like http://neverssl.com work? If it doesn't, then it's a good opportunity for someone to put a static-ip behind something like http://neverssl.com
No because often they redirect you to a DNS address that only exists in their internal DNS. And that internal DNS is often to an internal only IP, so you can't VPN all your traffic. e.g. you'll go to http://neverssl.com then get bounced to http://some.internal.net which resolves to 10.10.1.1 which finally serves the portal you have to click through.