Solution found in (pre-release) Jaunty!
From the VPN tab of the Network Connections window, select a VPN connection and click Edit. From the IPv4 Settings tab, click the Routes... button near the bottom of the window. The "Use this connection only for resources on its network" checkbox will prevent NM from changing the default route. (This appears to be new in Jaunty -- Intrepid does NOT have this option.)
Personally, I would prefer this checkbox defaulted to ON (do not automatically tunnel all traffic) to match the behavior of other VPN clients I've used (including Cisco VPN client, vpnc and older versions of NM). Ideally, this would still allow the VPN concentrator to pull all traffic to it (by including 0.0.0.0/0 in its split tunnel list) but I haven't tested this.
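A way to confirm the checkbox took effect, as an added example that is not part of the original post: it parses `ip -4 route show` output and reports whether general traffic leaves through the tunnel, going beyond the post by also catching a default route overridden with a pair of /1 routes. The interface prefixes, probe addresses and sample routing tables are constructed assumptions.

```python
import ipaddress

# Assumption: VPN interfaces use one of these name prefixes (tun0, ppp0, ...).
TUNNEL_PREFIXES = ("tun", "tap", "ppp")

def parse_routes(text):
    """Return [(network, device)] from `ip -4 route show` output."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f[:-1]:
            continue  # blank line or a route with no output device
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route-type keyword such as "unreachable"
        routes.append((net, f[f.index("dev") + 1]))
    return routes

def device_for(routes, address):
    """Longest-prefix match (metrics ignored): device carrying `address`."""
    addr = ipaddress.ip_address(address)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def tunnel_mode(text, probes=("8.8.8.8", "192.0.2.1")):
    """Classify using one off-network probe in each half of IPv4 space."""
    routes = parse_routes(text)
    if not any(dev.startswith(TUNNEL_PREFIXES) for _, dev in routes):
        return "no-vpn"  # VPN is down, so the result says nothing about the setting
    via_vpn = [(device_for(routes, p) or "").startswith(TUNNEL_PREFIXES)
               for p in probes]
    if all(via_vpn):
        return "full-tunnel"
    return "mixed" if any(via_vpn) else "split-tunnel"

# Constructed sample tables (not captured from a real host).
LAN = "192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50\n"
SPLIT = ("default via 192.168.1.1 dev eth0 proto static\n"
         "10.0.0.0/8 via 10.8.0.5 dev tun0\n10.8.0.5 dev tun0 scope link\n" + LAN)
FULL = ("default via 10.8.0.5 dev tun0 proto static\n10.8.0.5 dev tun0 scope link\n"
        "203.0.113.10 via 192.168.1.1 dev eth0\n" + LAN)
OVERRIDE = ("0.0.0.0/1 via 10.8.0.5 dev tun0\n128.0.0.0/1 via 10.8.0.5 dev tun0\n"
            "default via 192.168.1.1 dev eth0 proto static\n" + LAN)

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL), ("override", OVERRIDE)):
        print(name, tunnel_mode(table))
```

On a live system, pass the text of `ip -4 route show` captured while the VPN is connected to `tunnel_mode`.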