Designed for worst case scenarios, a VPN kill switch instructs your VPN service to continue protecting your online anonymity even when your connection drops. It’s considered an advanced feature, invaluable for people who must keep their identity a secret, no matter what, such as whistle-blowers or journalists acting under the jurisdiction of harsh governments.
A VPN kill switch is also an important weapon for casual users who frequently download illegal torrents over a virtual private network app and who often step away from their computers for long periods of time. They have no way of knowing if and when their VPN connection fails: torrent traffic is re-routed through the regular Internet network and your IP address and torrenting activity will be exposed to your ISP.
Must-have safety measure for torrent downloads
Without you even realizing it, your ISP tips off the local authorities to hand over details about your illegal activities and contact information. Or your ISP starts throttling your bandwidth to prevent you from downloading torrents again. All of this is permitted by VPN applications which do not come equipped with a proper safety measure in case of connection drops: the kill switch.
Thanks to the many perks of VPN services, more and more people are opting for secure Internet connections, whether they want to hide browser activity from ISPs, enjoy unrestricted access the Netflix libraries of other countries, or keep hackers at bay when using public, insecure hotspots.
However, the reliability of a VPN application doesn’t solely consist of how many encryption modes it has or how fast it is. Consistency is key on the long-term. A serious software developer knows that increasing the security levels of a VPN service, like adding a VPN kill switch, is essential for keeping their clients happy and loyal.
How the VPN kill switch works
Kill switch technology has become indispensable for virtual private network apps. It adds an extra layer of security against IP, DNS and WebRTC leaks. This way, there’s no room for mistakes when it comes to VPN vulnerabilities.
Under normal circumstances, your network traffic is routed to the public Internet as soon as the VPN network drops, which means that you become exposed. But if you are equipped with a kill switch, it will get immediately signaled by the VPN service to terminate all Internet connections by preventing your computer from going online.
Takes over the system firewall to control Internet access
The VPN kill switch represents a specific set of rules of conditions to be carried out in the worst possible scenario. It receives an automatic trigger when the VPN connection fails to work. Basically, the kill switch tinkers with the firewall settings of your computer.
It can not protect more than one network interface at the same time, so you shouldn’t toggle network adapters if you want to remain under the protective wing of the kill switch. In addition to this, the kill switch must lift its restrictions and restore Internet access as soon as one of two events take place: the VPN connection is working normally again, or the VPN application was closed.
Triggered by VPN connection drops
VPN connectivity issues can happen due to a wide range of reasons, such as Internet connectivity issues, hardware errors, VPN application errors, or unexpected device events. Sometimes, it might take a while to connect to a specific VPN server, during which you might be re-routed via the public Internet. Other times, it’s possible that your VPN app is marked with a red flag by your system firewall or anti-malware application, in which case you must add it as an exception.
Connection drops are also set off by using a wrong VPN protocol, using an unstable VPN server or faulty port, having a poor Wi-Fi signal or busy network, or having your bandwidth already throttled by your ISP. Don’t worry, though, since these problems have workarounds.
In other cases, VPN connection failure may also occur when you manually restart the computer without first disconnecting, or when the PC automatically reboots due to system updates or software installs that require a reboot. The network is disconnected right before shutdown. And when this happens, all your hard work to protect your IP address and details about your browsing activity will be in vain.
VPN kill switch for the entire system or just specific apps
Depending on how the feature was implemented in the VPN application, you might be given the choice to stop Internet connections for your entire device (system-level kill switch) or just specific applications (application-level kill switch). Some VPN tools can also stop LAN traffic.
If you opt for the app-level mode, keep in mind that, without Internet access, those apps will no longer get updated. Therefore, make sure to exclude security-oriented applications from the kill switch, like anti-malware or anti-spyware programs which must receive round-the-clock updates to be able to protect your computer from the latest threats.
Isn’t the kill switch already enabled?
That’s rarely true. Many users don’t always use a VPN application when going online, but only resort to its services when they want to perform a specific activity, like watching Netflix: it’s not illegal but just not possible to do in some countries without the help of a VPN tool.
Subsequently, it’s not necessary to keep a kill switch activated at all times, especially since there are risks involved with failing to restore the previous firewall settings after the VPN connection is restored (more on this later).
The point here is that, no matter if you’re interested in activating the kill switch or not, you should check your VPN app to see if it’s already enabled.
Active and passive kill switch
Depending on the approach taken by the VPN provider, there are two types of VPN kill switches, Internet kill switches or network locks: active and passive. An active kill switch turns on as soon as you connect to a VPN server and disables itself once you are fully disconnected (except for connection drops).
In contrast, a passive kill switch keeps the non-VPN connection cut off even when you are fully disconnected from a VPN server, in order to maximize your protection against IP leaks. The passive kill switch is disabled and the Internet connection status is restored to normal only after quitting the VPN application.
Where to find the VPN kill switch
The kill switch feature should be located in the settings area of your VPN service. Some software developers might call it under a different name, though, such as Internet kill switch or Network lock. Nevertheless, the option should be accompanied by a self-explanatory description, such as “Disable Internet if VPN disconnects”, “don’t go online without an active VPN” or “keep your browsing secure after the VPN disconnects”.
Because the kill switch works by modifying firewall settings to filter and block Internet traffic, it can be simply found as “firewall” or “firewall mode” in certain VPN applications. Enabling it is usually a matter of selecting and confirming the option.
If you have trouble identifying the VPN kill switch, consult the help manual or ReadMe file of the software program, look for a FAQ on the developer’s website, or contact customer support to request assistance.
VPN services with a built-in kill switch
The following VPN services have an integrated kill switch that can be found under various names and descriptions. All of these applications have been evaluated on our website, so please don’t hesitate to check out our reviews:
- ExpressVPN: Options -> General tab -> Network lock with Stop all Internet traffic if the VPN disconnects unexpectedly and Allow access to devices on the local network (“such as printers or file servers”)
- NordVPN: Settings -> General -> Internet Kill Switch (“You will be able to access the Internet only when connected to VPN”)
- Ivacy: Settings -> Connection -> Internet Kill Switch
- CyberGhost VPN: an Internet Kill Switch is automatically activated in the application and cannot be disabled
- Mullvad VPN: Settings -> Advanced -> Block when disconnected (“Unless connected, always block all network traffic, even when you’re disconnected or quit the app”)
- Surfshark: Settings -> Security -> Kill switch (“Disables internet access when VPN connection drops or is turned off”)
- Private Internet Access: Settings -> Privacy -> VPN Killswitch (“Prevent leaks by blocking traffic outside the VPN”)
- SaferVPN: Settings -> Kill Switch tab -> Enable VPN Kill Switch to keep your browsing secure
- VyprVPN: Options -> Connection tab -> Kill Switch -> Stop all Internet traffic when VyprVPN is disconnected
- Private VPN: Advanced -> Connection Guard tab -> Kill Switch (“prevents reconnect on connection failure”)
- FastestVPN: Settings -> Internet kill switch
- IPVanish: Settings -> Connection -> Kill Switch
- TunnelBear: Settings -> VigilantBear (“Block all traffic while TunnelBear connects and reconnects”)
- AnonymousVPN: Settings -> Enable Kill Switch and Allow local network connections
- PureVPN: Preferences -> Advanced Options -> Internet Kill Switch -> Activate Internet Kill Switch and Auto-redial if VPN connection drops and Stop Internet even if I disconnect the VPN manually
Alternatives to kill switches
If your virtual private network application doesn’t come bundled with a kill switch and if you don’t want to manually configure system firewall settings every time you want to establish a secure Internet connection, you can turn to other, non-VPN utilities that can accomplish the same task while running with VPNs side by side.
Available for Windows and macOS, VPN Watcher is a software program designed to monitor your VPN connections and disconnect any preferred applications as soon as the VPN connection is down. Other similar apps are VPN Lifeguard (Windows only) and VPNCheck (Windows and Linux).
How to manually restore Internet access
As previously discussed, the VPN kill switch has two major roles: to cut Internet access on connection drops and to restore it when the connection is working properly again. However, some VPN services might have trouble with the second part. If it fails to restore Internet access, it means that the application fails to revert firewall settings to the previous state, leaving your computer without a working Internet connection.
Don’t worry, you can fix it by following these steps:
1. Make sure the VPN service isn’t set to always block Internet connections
Some virtual private network apps come with settings for taking over the firewall only on connection drops, and for restricting network access at all times (for as long as the application is running).
If you cannot open any pages on your web browser after you just enabled the kill switch, go back to the VPN’s settings area and make sure you didn’t accidentally set it to always block Internet connections.
2. Make sure to confirm your new settings before going online
Many software applications take a modern approach toward settings and don’t require confirmation anymore: you just have to choose your preferred options and that’s it! Even so, there are still VPN services out there that require you to click the “OK” or “Apply” button.
When you’re using the browser and failing to open any webpage, make sure that you actually confirmed VPN settings and didn’t just leave the options panel open but hidden behind your browser window.
3. Restart your web browser
Depending on the operating system, platform and web browser you use, it might be necessary to restart your browser every time there was something changed by your firewall. In fact, it’s really important to check this before using your VPN connection.
If your web browser was already running before connecting to a VPN server, it might remember your real IP address in the browser cache, thus exposing your identity and browsing activity to your ISP.
4. Quit and restart your VPN application
If the previous steps didn’t restore the Internet connection, then there’s definitely something wrong with your virtual private network provider. To test this, exit the program and open a browser page while staying connected to the public Internet (keep in mind that you will be exposed at this point). If it works, it means that your VPN tool cannot restore firewall settings.
Launch the VPN tool and run the same test. If the Internet connection is still down, then your VPN is set to always overwrite the system firewall, even if you attempted to disable this option from the service’s graphical interface. It’s clearly a bug, so you can either contact customer support to draw their attention toward this, or switch to a different VPN provider with a kill switch that actually works the way it should.
5. Manually restore firewall settings
Finally, if your system firewall was permanently affected (the Internet connection is down even after closing the VPN app), then you have to visit your firewall’s settings and restore them to default. While you’re at it, go the system area responsible for filtering apps with Internet privileges, in order to allow apps to go online using the private and public networks.
Even the best VPN services can have connectivity issues from time to time, whether it’s their fault or not. The important part is learning how to deal with these scenarios, and this is where the VPN kill switch comes into play. It’s a must-have tool for any users interested in protecting their online anonymity at all times, even when the VPN application stops working properly.