Aye, it is a good thing to use VPNs on wireless connections. You migth want to use other link-layer features as well though. For instance, if I'm joe cracker and I know that you're running an AP that only allows VPN connections to get through, then I'll just bind to the AP, hack your machine (the one running the VPN client) and use it's previously established connection through the VPN. Ergo, VPN + only talking to specific MAC addresses is a good idea.

I was very surprised to see that 802.11 did not use the security features from 802.10. Anyone ever looked at 802.10? It's philosophically similar to IPSec.