Offline access if Bitwarden is hosted inside a VPN

We’re running self hosted Bitwarden inside a VPN. This means that users can only access Bitwarden (Web, Browser Extension or Desktop App) while connected to the VPN.

When not connected to the VPN you will be logged out as soon as the app or browser extension loads. We assume this is a security measure taken if the server is available (as in responding with a valid HTTP status (403)) but the API endpoints aren’t.

We would now like to know what best practices you recommend for our use case. Should we make Bitwarden publicly accessible? How could our users keep using the synced copy of their vault while not also being connected to the VPN?

Example use case: A user restarts his computer and is offsite. He doesn’t know the password he needs to connect to the VPN as it’s saved in Bitwarden. How could he get access to the VPN?

Thank you for your support!

Best regards,