Affiliate Commissions

CyberWaters is supported by its readers, therefore we may receive affiliate commissions if you purchase goods or services via our links. We appreciate your support.

What is a VPN Kill Switch (Should You Always Use It?)

vpn kill switch

A VPN kill switch automatically disables your internet access if the VPN connection drops. That way, you don’t suffer traffic leaks that can expose private data, like your IP address. When your connection to the VPN server is restored, the kill switch disengages, allowing you to access the web again.

Despite the kill switch being an industry-standard security feature, not all VPNs have it. And using a VPN without a kill switch is extremely dangerous for your privacy. But spending hours or days checking which VPNs have kill switches isn’t exactly fun.

So we tested 40+ VPNs to see which ones have a kill switch and also provide excellent security features. All the VPNs we recommend in this article meet that criteria and also offer excellent P2P and streaming support, fast speeds, and more.

And don’t worry — enabling a VPN kill switch is very simple. Just turn it on from your VPN app’s settings. Though, most kill switches come enabled by default.

How Does a Kill Switch Work?

A VPN kill switch disables your web access if the VPN connection drops. Some VPNs even have kill switches that will stop you from going online if you’re not connected to a VPN server. You only regain internet access when your connection to the VPN server is established — but that only takes a few seconds.

These are the main processes involved in how a VPN kill switch works:

  • Scanning — the kill switch analyzes your connection to the VPN server in real-time.
  • Detection — the kill switch instantly detects any disruptions to your VPN connection.
  • Blocking — the VPN’s kill switch disables all online access or only prevents certain apps from going online.
  • Reconnection — the VPN kill switch restores your online access when the VPN app successfully reconnects to the VPN server.

Types of VPN Kill Switches

There are 2 types of VPN kill switches — a system-level kill switch and an app-based kill switch. The system-level kill switch is a mandatory VPN security feature. If a VPN doesn’t have it, it can’t protect your data. And the app-based kill switch is more of an extra security feature that some VPNs offer.

System-Level Kill Switch

A system-level kill switch disables your entire online access if the VPN connection drops. So until the connection to the VPN server is re-established, you can’t use the Internet.

App-Based Kill Switch

An app-based kill switch allows you to choose which apps are shut down if the VPN connection drops.

For example, if you assign an app-based kill switch to uTorrent, the VPN client will close the P2P app if the VPN disconnects. But you’ll still be able to use your web browser to go online.

Why Do You Need a VPN Kill Switch?

You need a VPN kill switch to avoid traffic leaks that can happen if the VPN connection drops. A VPN might disconnect sometimes due to multiple reasons — like firewall settings or network congestion. If you suffer a traffic leak, your data will be exposed because you’ll be using the web without a VPN.

Basically, without a kill switch, your ISP can see what you’re doing online if the VPN disconnects. Similarly, other sites can see and log your IP address.

When Does a VPN Kill Switch Activate?

A VPN kill switch automatically triggers whenever your connection to the VPN server drops. The kill switch will block all online access until the VPN app restores the connection to the VPN server.

Why Do VPN Connections Drop?

Here are the main reasons VPNs might disconnect:

  • The VPN’s server network or your ISP’s network is very congested.
  • You’re using OpenVPN over UDP instead of TCP, which is more unstable.
  • You switched VPN servers.
  • A firewall, router, or antivirus program is interfering with the VPN connection.
  • Your ISP has a short outage.

What Are the Risks of Disconnecting from the VPN without a Kill Switch?

If you disconnect from the VPN without the kill switch enabled, here’s what can happen:

  • Your ISP can see what sites you browse.
  • Your ISP can see your P2P traffic.
  • Websites can see your real IP.
  • Everyone in the torrent swarm can see your real IP.
  • Advertisers can track your location.
  • Streaming sites can detect your real IP.

The 6 Best VPNs with a Kill Switch

Pretty much all top VPNs come with a kill switch. But to protect you online, a VPN has to offer a really good kill switch and other high-end security and privacy features. We tested 40+ popular VPNs and found the best VPNs with a kill switch:

1. NordVPN Kill Switch

NordVPN kill switch settings

NordVPN has an excellent kill switch that is available on all its apps: Android, iOS, macOS, Windows, and Linux. It’s great to see a VPN kill switch feature on iOS and macOS since many providers don’t have this feature on those platforms. 

To turn on the kill switch, head to Settings > Kill Switch.

The Windows app comes with the most customizable kill switch. First, there’s an Internet Kill Switch option in the VPN app. It disables all online access if the VPN connection drops or if you’re not connected to the VPN. Next, you get the App Kill Switch, which lets you choose which apps are shut down when the VPN disconnects or you’re not connected to it. We tested both features 10+ times and they always stopped us from going online if we weren’t connected to NordVPN.

In addition to an excellent VPN kill switch, NordVPN also provides high-end security features. It has RAM-only servers, meaning each server reset wipes all data. Also, you get obfuscation, which hides your VPN traffic and lets you bypass VPN blocks. There are also double VPN connections, which provide an additional layer of encryption. And there’s also Threat Protection, which protects you from malicious sites and downloads.

What’s more, this provider’s no-logs policy passed 2 independent security audits. And it also uses a colocated network, meaning NordVPN ships its own hardware to the data center it uses. So only its staff has access to the servers.

This VPN also provides excellent streaming and torrenting support, very fast speeds, and 24/7 live chat support. It comes with very affordable plans and a 30-day money-back guarantee.

Want to read more about this VPN? Check out our NordVPN review.

  • Thousands of lightning-fast servers
  • Unblocks streaming services
  • Fully supports Torrenting and P2P
  • Strict no-logs policy and RAM-disk servers
  • Ad blocker and malware protection features
  • Robust security features and military-grade encryption
  • 24/7 live chat support
  • 30-day money-back guarantee
  • Only 6 simultaneous connections
  • No free trial

2. Surfshark Kill Switch

Surfshark kill switch settings

Surfshark has a kill switch on its iOS, Android, Windows, and macOS apps. The feature will only disable online access if your VPN connection drops. Some people find that more convenient than the kill switch shutting off internet access if you’re not connected to the VPN. This provider also supports unlimited connections, so it’s a great choice if everyone in your house wants a secure VPN with a really good kill switch.

To enable the kill switch, go to Settings > VPN settings and click the Kill Switch option.

On top of that, you also get high-end security with this VPN. It has advanced security features like RAM-only servers. It also comes with WebRTC and DNS leak protection and an ad blocker called CleanWeb that protects you from malicious sites and ads. Double VPN connections are also available, which provide more security than a regular VPN connection. And this VPN also comes with obfuscation, which secures your privacy in restrictive countries.

Surfshark is also one of the only VPNs that provide in-app access to an antivirus. It’s a paid add-on, but it’s worth it. That way, you get the best of both worlds — the app secures your online traffic and protects your device from malware infections. What’s more, you also get Surfshark Alert, which tells you if any sites leaked your data.

Other perks of using this VPN include excellent streaming and P2P support, very fast speeds, and easy-to-use apps. There’s also 24/7 live chat support, cheap plans, and a 30-day money-back guarantee.

If you’d like to read more about this VPN provider, please check out our full Surfshark review.

  • Very affordable
  • Unlimited simultaneous connections
  • Ad-blocking feature
  • Unblocks streaming platforms
  • Allows split-tunneling and has multi-hop VPN feature
  • No-log policy and strong security features
  • GPS spoofing on Android devices
  • 30-day money-back guarantee
  • No free version
  • Does not allow P2P seeding

3. AtlasVPN Kill Switch

AtlasVPN kill switch settings

AtlasVPN provides a kill switch on all of its apps. If you enable the kill switch, it shuts off all internet access until you connect to one of the provider’s VPN servers. That ensures you never risk accidentally going online without enabling the kill switch. And this VPN has unlimited connections, meaning you can secure all your devices. 

To turn on the kill switch, go to Settings > Security and click the Kill Switch button.

Plus, we like that this VPN includes the kill switch in its free plan — not many free VPNs do that. In addition to that, you also get strong encryption and a strict no-logs policy. What’s more, you get fast speeds and P2P support. But the free plan limits you to servers in the US and the Netherlands and 10 GB of data per month.

Upgrading to AtlasVPN’s paid plans gets you unlimited data. Furthermore, you also get access to SafeSwap servers, which refresh their IPs throughout the VPN connection. That makes it much harder for someone to track your VPN usage. 

MultiHop+ servers are also available, which send your traffic through 2 VPN servers instead of 1 server. That way, you get an extra layer of encryption. And the exit server regularly rotates, so it’s nearly impossible for anyone to track you.

And we also like that this VPN allows torrenting on all servers and works with popular streaming sites. Also, it provides live chat support for paid users and responsive email support for free users. And it has super cheap paid plans and backs each purchase with a 30-day money-back guarantee.

  • Very affordable plans and it has a free version
  • Fast Speeds
  • Unlimited device support
  • WireGuard protocol and strong security features
  • Torrenting-friendly
  • Unblocks streaming services
  • 30-day money-back guarantee
  • Limited Linux app
  • Based in the US
  • Not so many servers

4. PrivateVPN Kill Switch

PrivateVPN kill switch settings

PrivateVPN has a kill switch on its Android and Windows apps that’s secure and customizable. It has 2 types of kill switches, a system-level kill switch called Kill Switch and an app-based kill switch called Application Guard. 

The Kill Switch feature shuts down web access if the VPN connection drops. And the Application Guard feature lets you choose which apps close when the VPN disconnects. We tested Application Guard with torrent clients like Vuze and qBittorrent and it always worked as intended. 

To enable the kill switch options, head to the Connection Guard tab.

On top of the kill switch, PrivateVPN also comes with really good leak protection against IPv6 and DNS leaks. Obfuscation is also available, which lets you make your VPN traffic look like regular internet traffic.

PrivateVPN works with all top streaming sites, allow torrenting on all servers and has 24/7 live chat support. It has some of the cheapest plans on the market and comes with a 30-day money-back guarantee.

  • Supports P2P traffic and allows port forwarding
  • Unlimited bandwidth and great speeds
  • Unblocks most streaming platforms
  • Zero-logging policy
  • Free Static IP servers
  • 10 simultaneous connections
  • 30-day money-back guarantee
  • Not as many servers as other VPN providers
  • No split-tunneling

5. ExpressVPN Network Lock

ExpressVPN kill switch settings

ExpressVPN’s kill switch is called Network Lock and it’s available on its Windows, macOS, Linux, and even router apps. This is one of the only VPNs that have a dedicated app for routers, so it’s a great pick if you want to secure all your devices with a router VPN.

To turn on Network Lock, go to Options and check the Stop all internet traffic if the VPN disconnects unexpectedly box.

The provider’s Network Lock feature isn’t available on Android. But there’s an alternative option that blocks all online access if the app can’t reconnect to the VPN server. And you can also tweak the setting to block all non-VPN traffic.

This VPN also comes with excellent security and privacy features. It uses RAM-only servers and perfect forward secrecy is also available. The second feature changes your encryption key for each VPN session. That prevents hackers from spying on your traffic by compromising past or future encryption keys. What’s more, ExpressVPN also has a no-logs policy that passed multiple independent security audits.

And this provider also includes full leak protection on all of its apps. We ran 10+ leak tests on servers in dozens of countries, and we never experienced an IPv6, DNS, or WebRTC leak.

In addition to that, ExpressVPN claims to work with 65+ streaming apps, allows torrenting on all servers, and has very fast speeds. It also comes with easy-to-use apps and 24/7 live chat support. While its plans are pricey, they provide excellent value — and this VPN has a no-questions-asked 30-day refund.

Want to find out more about this VPN service? Check out our hands-on ExpressVPN review.

  • Works with streaming
  • Supports torrenting
  • No-logs policy
  • TrustedServer technology with RAM-only servers
  • Premium security features
  • 30-day money-back guarantee
  • Expensive subscription plans
  • Only 5 simultaneous connections

6. Private Internet Access VPN Kill Switch

Private Internet Access kill switch settings

Private Internet Access (PIA) comes with a kill switch on its iOS, Android, Windows, macOS, and Linux apps. 

We like how customizable PIA’s kill switch is — it has 2 modes. The first mode only disables online access if the VPN connection randomly drops. And the second mode blocks all web traffic if you’re not connected to the VPN. We ran 15+ tests with the second mode enabled and the kill switch always successfully blocked all online traffic when we didn’t have a VPN connection.

To turn on PIA’s kill switch, go to Settings > Privacy and enable the VPN Kill Switch option.

What’s more, this VPN provides excellent privacy features. Its no-logs policy has been proven true in court on multiple occasions — you can even read the court documents online. And all of its apps are open-source, which means anyone can inspect the code to make sure there are no security vulnerabilities.

In addition to that, PIA also has advanced security features like RAM-only servers. Also, it comes with full protection against IPv6, DNS, and WebRTC leaks. Obfuscation is also available, and there’s a very good ad blocker too, which is called PIA MACE. And this VPN has an extra feature called Identity Guard, which lets you check if your data has been exposed in a breach.

This VPN also unblocks the most popular streaming sites, allows P2P traffic on all servers, and has blazing-fast speeds. Its apps are very user-friendly and customizable, and there’s live chat support too. PIA has very affordable prices and a 30-day money-back guarantee.

If you’d like to read more about this VPN, please read our Private Internet Access review.

  • Thousands of servers
  • Great for torrenting and P2P
  • Strong security and encryption
  • Block ads, trackers, and malware
  • 10 simultaneous device connections
  • Anonymous payment methods
  • 30-day money-back guarantee
  • Based in the US
  • Not all streaming services can be unblocked

How to Set Up OpenVPN Kill Switch

If you’re using the OpenVPN GUI, you won’t be protected from traffic leaks because the app is missing a built-in VPN kill switch. But you can manually set up an OpenVPN kill switch to protect your data. Here’s how to do it on Windows, macOS, and Linux:


Windows terminal command line OpenVPN kill switch set up
  1. First, connect to the OpenVPN server you want to use.
  2. Next, type cmd in the Start menu.
  3. Right-click on the Command Prompt icon and select Run as administrator.
  4. Type route delete and hit Enter.

And that’s it — you successfully created a manual VPN kill switch for your connection on Windows. 

To disable the kill switch, you simply need to disable and re-enable your main network adapter. You can find it by going to Control Panel > Network and Internet > Network and Sharing Center and hitting Change adapter settings on the left.

macOS & Linux

Before you do anything on both platforms, you’ll need the IP address of the VPN server you’re using the kill switch for. If the VPN provider can’t provide you with it, you can use the host command to get it. To do that, you’ll need the VPN server’s hostname. You can get the hostname from the VPN provider’s server list on its site. Alternatively, open the OpenVPN server file and get the hostname from there.

Once you have the hostname, use the host command like so $ host [hostname] — just add the hostname in the [hostname] field. The command should return the server’s IP address.

On Linux, you’ll also need the name of the network interface that’s connected to the web or your default gateway. To find it, you’ll need to use the route command — keep in mind it requires root or sudo access.

After you have the IP address, open the OpenVPN server file with a text editor. Look for the remote option and replace the hostname with the IP address.

With that out of the way, here’s how to set up the VPN kill switch on both operating systems:


  1. First, make sure you have sudo or root access and the pf command-line tool.
  2. Next, you’ll edit the configuration file of pf.
  3. To do that, use this command in the terminal: # nano /etc/pf.conf
  4. Use these commands to block all connections other than to the IP of the VPN server:
    1. block drop all
    2. pass on lo0
    3. pass on utun0
    4. pass out proto udp from any to [add VPN server’s IP] port [add your port]
  5. Save and exit.
  6. Now, use this command to make sure the kill switch rule persists on reboot: # pfctl -f /etc/pf.conf
  7. The kill switch isn’t enabled by default, so use this command to turn it on: # pfctl -e

And that’s about it. You won’t have any web access unless you’re connected to the VPN servers’ IP address.


Here’s the setup guide if you use iptables:

  1. Use iptables-save to back up your current ruleset.
  2. Copy the following ruleset (make sure you fill in the VPN server IP, port, and network interface fields with your info): 
    1. #!/bin/bash
    2. iptables –flush
    3. iptables –delete-chain
    4. iptables -t nat –flush
    5. iptables -t nat –delete-chain
    6. iptables -P OUTPUT DROP
    7. iptables -A INPUT -j ACCEPT -i lo
    8. iptables -A OUTPUT -j ACCEPT -o lo
    9. iptables -A OUTPUT -j ACCEPT -d [VPN SERVER IP ADDRESS]/32 -o [NETWORK INTERFACE] -p udp -m udp –dport [PORT]
    10. iptables -A INPUT -j ACCEPT -s [VPN SERVER IP ADDRESS] -i [NETWORK INTERFACE] -p udp -m udp –sport [PORT]
    11. iptables -A INPUT -j ACCEPT -i tun0
    12. iptables -A OUTPUT -j ACCEPT -o tun0
  3. Save the ruleset as a script called iptables-vpnks.sh. 
  4. To activate the kill switch, open a terminal with root or sudo rights and type this:
    1. # chmod +x iptables-vpnks.sh
    2. # ./iptables-vpnks.sh
  5. Make sure the kill switch settings remain active after a reboot. To do that, install the iptables-persistent package.

And here’s the setup guide if you use ufw:

  1. Make sure you backup the current ruleset for your firewall.
  2. Copy the following ruleset (fill in the VPN server IP, network interface, and port fields with your details):
    1. ufw –force reset
    2. ufw default deny incoming
    3. ufw default deny outgoing 
    4. ufw allow in on tun0
    5. ufw allow out on tun0
    6. ufw allow out on [NETWORK INTERFACE] to [VPN SERVER IP] port [PORT] proto udp
    7. ufw allow in on [NETWORK INTERFACE] from [VPN SERVER IP] port [PORT] proto udp
    8. ufw enable
  3. Save the ruleset as ufw-vpnks.sh.
  4. Open a terminal with sudo or root access and use these commands:
    1. # chmod +x ufw-vpnks.sh
    2. # ./ufw-vpnks.sh
  5. And now your VPN kill switch is active.

Are There VPN Kill Switch Alternatives?

Yes, there are third-party tools you can use to monitor your VPN connection and disable online access if the VPN disconnects. Some examples include VPN Watcher, VPN Lifeguard, and VPNKS. But you don’t need to use these tools if you’re already using a good VPN that has a kill switch.

That said, if you’re an advanced user and want more control over your VPN connection, you could use these tools. Just keep in mind most of them haven’t been updated in years and only work on Windows and Linux. Most VPN kill switch alternatives are free, but some also come with paid plans.

VPN Kill Switch FAQs

Here are the most common questions we saw people asking online about using a VPN kill switch:

Should You Always Use a VPN with a Kill Switch?

Yes, definitely. If a VPN doesn’t have a kill switch, we strongly recommend you avoid it because it can’t protect you from traffic leaks. So if you use a VPN without a kill switch, it can’t 100% protect your data at all times.

How to Test a VPN Kill Switch

Here’s how to test a standard system-level kill switch:

  1. Open the VPN app and connect to a server.
  2. Make sure the kill switch is enabled.
  3. Surf the web as usual.
  4. Use your firewall to block the VPN.
  5. If you can’t use the internet anymore, the kill switch is working.

If the VPN’s kill switch disables online access if you’re not connected to the VPN at all, it’s much easier to test it. Just enable the kill switch and see if you can go online — if you can’t, the kill switch works.

How to Disable a VPN Kill Switch

To disable a VPN kill switch, just go into the VPN app’s settings and disable the kill switch option. If you’re not sure how to do it, ask the provider’s support reps. Keep in mind some VPNs don’t let you disable the kill switch — for example, CyberGhost VPN has an always-on kill switch, which can’t be turned off.

Do All VPNs Include a Connection Kill Switch Feature?

No, but pretty much all top VPNs come with a kill switch. That said, some VPNs don’t have this feature — mostly free VPNs. We strongly advise avoiding any VPN that doesn’t have a kill switch because it’s not safe to use.

Which Free VPNs Have a Kill Switch?

Most free VPNs don’t have a kill switch, which is why we normally recommend avoiding them. But if you want to use a free VPN, try AtlasVPN’s free plan. It has a kill switch, strong security features, fast speeds, and P2P support. But it limits you to 10 GB per month and servers in the US and the Netherlands.

What Does a VPN Kill Switch Do?

A VPN kill switch disables online access if your VPN connection drops. It does that to protect you from traffic leaks, which could reveal your real IP address and traffic. You will only be able to access the web again once the VPN connection is re-established.

Who Should Use a VPN Kill Switch?

Anyone using a VPN should use a kill switch. But some users are not that worried about traffic leaks. So, here are some examples of people who should always use a kill switch:

  • Anyone who downloads torrents.
  • Activists, journalists, and whistleblowers.
  • Anyone who handles sensitive documents.
  • People in restrictive countries.

Are Internet Kill Switches from VPNs On By Default?

Yes, most top VPNs configure their apps to come with the kill switch enabled by default. But if the kill switch disables all online access if you’re not connected to the VPN, instead of if the VPN disconnects, it’ll likely be off. Having it on by default would be confusing and annoying.

Also, app-based kill switches are not enabled by default. You have to turn them on yourself and choose which apps the kill switch prevents from accessing the web if the VPN disconnects.


A VPN kill switch is an essential security feature, meaning any VPN that doesn’t have a kill switch is not safe to use. If you do use a VPN without a kill switch, it’ll leak your IP address and traffic if the VPN connection drops.

Overall, you should be safe if you use any of the top VPNs on the market because they all have kill switches. If you know other good VPNs with kill switches, please mention them in the comments.

These articles could be helpful too
Leave Comment

Your email address will not be published. Required fields are marked *