diff --git a/Documents/bin/smile-exec b/Documents/bin/smile-exec
index 220ca5c337ecce84b53ce43db557b5380d2e52d7..e3f782c12aca495f23073bc0d00fa470cc536186 100755
--- a/Documents/bin/smile-exec
+++ b/Documents/bin/smile-exec
@@ -19,10 +19,6 @@ vault_addr() {
     esac
 }
 
-connected_to_vpn() {
-    [ "$(dig env.smile.config TXT)" = "$SMILE_ENV" ]
-}
-
 aws_account() {
     case "$1" in
         sandbox-1) echo "696774765305";;
@@ -64,8 +60,8 @@ fi
 
 if ! echo "$envs" | grep --quiet --fixed-strings --word-regex "$SMILE_ENV"
 then
-    echo "Environment $SMILE_ENV is not a valid one." >&2;
-    echo "Valid environments are: $envs"
+    echo "Environment $SMILE_ENV is not a valid one." >&2
+    echo "Valid environments are: $envs" >&2
     exit 1
 fi
 
@@ -83,9 +79,19 @@ export VAULT_ADDR="$(vault_addr "$SMILE_ENV")"
 VAULT_CAPATH="$(bundle show smile-cli)/lib/vault_ca"
 export VAULT_CAPATH
 
-if [ -n "$VAULT_ADDR" ] && connected_to_vpn
+connected_vpn="$(dig env.smile.config TXT | xargs)"
+if [ -n "$connected_vpn" ]
 then
-    aws-vault exec "smile-$SMILE_ENV-admin" -- \
-            vault login -method aws -no-print role=smile-ops
+    if [ "$connected_vpn" != "$SMILE_ENV" ]
+    then
+        echo 'Connected to a different VPN than the requested environment.' >&2
+        exit 1
+    fi
+    if [ -n "$VAULT_ADDR" ]
+    then
+        aws-vault exec "smile-$SMILE_ENV-admin" -- \
+                vault login -method aws -no-print role=smile-ops
+    fi
 fi
+
 eval exec aws-vault exec "smile-$SMILE_ENV-admin" -- "$@"