What is a VPN Kill Switch and 5 reasons to use it


Some VPN services have implemented a feature for their users called a VPN kill switch. It might not be clear what exactly this kill switch does and what it is for. To break things down, here’s an in-depth explanation of what a VPN kill switch is, and when and why you would need to use it.

A VPN kill switch, sometimes called a network lock, is an essential feature for a VPN service to have, one that provides an extra layer of privacy and security. Its name comes from the concept of activating a single shut-off mechanism for all Internet traffic. But what exactly does a VPN kill switch do when using a VPN?

First, we need to understand what problem this feature solves. The VPN kill switch is essential because of network instability and occasional unexpected disconnects from the VPN server. These unexpected connection losses might result in exposed sensitive data and IP address leaks. The most common reasons why a VPN disconnects are as follows:

  1. Bad internet connection or inadequate signal strength
  2. Network congestion
  3. Connection protocols
  4. Misconfigured firewalls, anti-virus or routers
  5. VPN server configuration
  6. Device sleep modes

When connecting to a server (especially one that is far away), there’s additional data overhead needed to sustain the VPN connection. A bad internet connection or weak Wi-Fi signal strength might result in frequent VPN disconnects and unreliable connections. It’s important to have a stable internet connection when using a VPN.

Network congestion happens in crowded places such as airports and cafes. When a lot of people start generating large amounts of data at the same time, timeouts might occur. This sometimes causes a VPN connection to drop unexpectedly.

Speaking of connections, UDP is usually the default protocol used to establish a connection to the server. This protocol is stateless and is much less reliable at keeping the connection stable. When experiencing frequent disconnects, it is advised to use the TCP protocol to keep the connection more stable.

Sometimes firewalls, anti-virus apps or routers start blocking VPN traffic due to unusual settings and network rules. These frequent disconnections could be avoided by disabling anti-virus or firewalls and reviewing the rules set on the router itself.

A big factor in a stable and secure connection is the VPN server configuration. Unusual connection drops might happen when a VPN service provider has misconfigured its servers. A period of internet inactivity might throw you off the server without any notice, or multiple connections to the server might create so-called “dead sessions” that stop you from connecting properly and disconnect you from the VPN.

Be it mobile or desktop, any device that enters sleep mode might interfere with the network connection. VPN apps lose control of the network and thus disconnect from the server while the device is in sleep mode. After waking up, the device usually tries to reconnect to the VPN server, but the process is sometimes unsuccessful and leaves your VPN turned off.

Because of the risk of unexpectedly getting disconnected from a VPN server, a kill switch prevents unencrypted internet traffic from going in or out of your device. The feature cuts off the internet connection completely or closes specific apps to prevent an IP address leak.

A VPN kill switch monitors your device’s network and VPN connection like a modern firewall would. Once an unexpected disconnect happens, the rules implemented within the kill switch take effect immediately, blocking all traffic that travels outside the VPN tunnel. Internet access is restored once the connection to a VPN server is established.

You may encounter a kill switch in two flavors: a system-wide internet kill switch and an app-specific one.

System-wide internet kill switch: this is usually the one people have in mind when talking about a VPN kill switch. This feature terminates all internet connections across the whole system and acts as a firewall when the connection is lost. It takes effect immediately once the VPN connection drops and ensures that no unencrypted internet packets are leaked.

App-specific kill switch: a simpler version of the feature where you can choose specific applications to be closed if the connection with a VPN server is lost. This feature is not as effective as the previous one, since closing down specific applications might take some time and, theoretically, there is still a time period in which your true IP address can be leaked.

There might be many possible ways to implement an internet kill switch from a technical point of view, but possibly the best one is to implement it as a firewall. Nowadays many firewalls and kill switches on Windows use WFP (Windows Filtering Platform), a native Windows API used in all modern firewalls. The main principle is to create a set of rules that take effect immediately when the kill switch is turned on.

For a more advanced, in-depth view of the rules implemented by a modern kill switch, you can run the command “netsh wfp show filters” in Windows CMD as administrator. This will generate a file with a list of rules that the VPN kill switch has added system-wide.

Since iOS and macOS are quite closed platforms, app developers must navigate the security guidelines Apple provides. For some time a feature called “Always-on VPN” was available for both iOS and macOS, acting somewhat like a VPN kill switch, but not exactly. This feature would automatically reconnect to a VPN server if the connection was lost, but did not block incoming or outgoing traffic outside the VPN tunnel. Because of technical limitations on controlling the network outside Apple’s native VPN API, some services had to think outside the box to create a workaround, and some of them did manage to make it work.

As the possibility of an unexpected disconnect from a VPN is quite real, a VPN kill switch might protect you and your privacy in a variety of real-life scenarios. Here are 5 reasons to use a VPN with a kill switch:

A kill switch is extremely important when torrenting or downloading files. Many countries and ISPs monitor your internet traffic, and if torrenting traffic is detected you might face a big fine for copyright infringement. A kill switch prevents any data packets from leaking and hides your torrenting activities from the ISP, this way securing you from getting fined.

While browsing on public networks, in cafes or airports, your sensitive data is at risk if by any chance a secure and encrypted connection drops. When working with sensitive data in any way, a kill switch is essential to prevent any kind of leak, and it does so by cutting the connections that are not secure.

Speaking of secure connections, when a VPN kill switch is on it will only allow you to make secure and encrypted connections. Any regular browsing will be disabled until you safely connect to a VPN server, this way reducing the risk of your personal information getting exposed.

The secure and private connection will prevent the websites from knowing your location and real IP address. With a kill switch, any internet traffic that otherwise would identify your IP address will be dropped.

An app-specific kill switch adds an extra layer of security by closing the applications that run on your device immediately after disconnecting from a VPN server. This might be very handy when torrenting or downloading specific files.

While anyone can use a kill switch, those who are concerned about their privacy should definitely use it. Journalists, whistle-blowers, people who work with sensitive data and frequent torrent users should pick a VPN that has an internet kill switch as a feature.

All of the following VPNs offer a modern kill switch implemented in their applications. This feature is available in their Windows, macOS, Android, and iOS applications. They are by far the best on the market:

  1. NordVPN
  2. ExpressVPN
  3. Surfshark
  4. CyberGhost
  5. PureVPN

It is quite difficult to test a kill switch since it requires a random VPN disconnect. However, there are some basic and advanced ways to replicate such a scenario, at least to some extent. Here’s a VPN kill switch test:

A basic way to test a kill switch

  1. Enable VPN kill switch
  2. Manually disconnect from the VPN server
  3. Your internet connection should be gone and you won’t be able to access any websites. Also, your torrents should stop downloading

An advanced way to test a kill switch

The advanced way to test a kill switch requires some networking knowledge and a free network monitoring application called Wireshark. Here is some guidance on how you could test a kill switch in such a way:

  1. Set up Wireshark and connect to a VPN. You will see your internet traffic going to the VPN server’s IP address
  2. Try to run some torrents as well – all internet traffic should go via the VPN server’s IP address
  3. Manually disconnect from the VPN server – you should immediately see that internet packets are stopped or dropped and, if the internet kill switch is working correctly, no connections are made other than to the VPN server.
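
The check in step 3 can be automated once the capture is exported to text. The following is an added example, not part of the original article: it assumes the capture was taken on the physical network interface and exported as time, source and destination with tshark's field output, and the function name, addresses, LAN range and disconnect time are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample: time (s), source IP, destination IP, as exported with
#   tshark -r capture.pcapng -T fields -e frame.time_relative \
#          -e ip.src -e ip.dst -E separator=,
# Addresses are private/documentation ranges, not real hosts.
SAMPLE = """\
0.10,192.168.1.20,198.51.100.10
0.35,198.51.100.10,192.168.1.20
1.20,192.168.1.20,192.168.1.1
2.00,192.168.1.20,224.0.0.251
5.02,192.168.1.20,203.0.113.50
5.40,192.168.1.20,198.51.100.10
6.10,203.0.113.50,192.168.1.20
"""

def find_leaks(export, local_ip, vpn_server, lan, disconnect_at):
    """Return outbound packets that bypass the tunnel, split around the disconnect."""
    local = ipaddress.ip_address(local_ip)
    vpn = ipaddress.ip_address(vpn_server)
    net = ipaddress.ip_network(lan)
    leaks = {"while_connected": [], "after_disconnect": []}
    for row in csv.reader(io.StringIO(export)):
        if len(row) != 3 or not row[1] or not row[2]:
            continue  # non-IP frames (e.g. ARP) export with empty address fields
        t = float(row[0])
        src, dst = ipaddress.ip_address(row[1]), ipaddress.ip_address(row[2])
        if src != local:
            continue  # only packets leaving this device can expose its address
        if dst == vpn or dst in net or dst.is_multicast:
            continue  # tunnel traffic, or local chatter that never leaves the LAN
        phase = "after_disconnect" if t >= disconnect_at else "while_connected"
        leaks[phase].append((t, str(dst)))
    return leaks

if __name__ == "__main__":
    result = find_leaks(SAMPLE, "192.168.1.20", "198.51.100.10",
                        "192.168.1.0/24", disconnect_at=5.0)
    for phase, packets in result.items():
        print(phase, packets or "no leaks")
```

Packets still addressed to the VPN server after the disconnect (reconnect attempts) are not counted as leaks; any other outbound destination is.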

A VPN kill switch is an advanced VPN feature that is used in case of an unexpected disconnect from the VPN server. Without a kill switch, a user could be exposed to location and IP address leaks and risk revealing personal information. It is an essential tool when torrenting or working with sensitive data. There are some good VPN services such as NordVPN that have implemented a kill switch on all operating systems, and it protects your privacy while downloading files and torrenting.

