What I was trying to do was to block any traffic from a VPN tunnel from accessing any machines on my local network. I was not trying to block VPN traffic from accessing the internet.

eg.

PC1, PC2 (on local network)----2820 Router----(VPN Tunnel)----PC3

I was trying to stop PC3 from being able to see PC1 and PC2

And,
How did you write the rule ?

I could not work out how to create the rule as the 'direction' options are LAN->WAN or WAN->LAN. I was looking expecting a VPN->LAN option, but it does not exist.

VPN is the same as WAN.
For the filters, everything which is not the local LAN is the WAN.
It would not make sense, to create a seperate "VPN" filter, since the router then must maintain a dynamic table consisting of the currently implemented profiles.

Also, you would maybe want to block not every VPN profile with your rule, but, only some.
(You can create an object, consisting of all subnets you see as private or used by VPN, then use this object in the firewall for blocking traffic to all VPNs

Otherwise, just use the subnet as target for your Rule.

Thanks I've got that working now. I did not realise that VPN tunnels are considered WAN by the router.

Thanks

Andrew