A Kill-Switch is an extra security feature offered by many VPN providers. It is designed to prevent data from being transmitted insecurely in the event of an accidental VPN disconnect.
The prevents both snooping (the intercepting of unencrypted data packets) and IP leaks (data would ordinarily originate from your true IP address after the VPN disconnects).
In this article you’ll learn:
- What is a Kill-Switch?
- The two types of Kill-Switches (Application vs. System)
- How to create a kill-switch (if your provider doesn’t offer one)
- How to restore Internet Access after kill-switch activates
- Who needs a kill-switch anyway?
What is a Kill-Switch?
At its most basic level, a kill-switch is a simple program (or part of a program) designed specifically to monitor the connection status of a specific network adapter.
If it detects a change in connection status (or your IP address) it uses administrator privileges to instantly kill your access to the internet.
Kill-switches are often built into VPN software, as a safety mechanism to prevent any personally identifiable information from leaking in the event of a dropped VPN connection.
Why use a kill-switch?
Even though most stable VPN service will occasionally have a dropped connection. A kill-switch is the last line of defense to make sure you never transmit unencrypted data or accidentally expose your true IP address.
Most users won’t need this level of protection, but it’s always nice to have the option for people who are serious about their privacy.
The two types of kill-switch (App vs System)
There are two primary kill-switch types:
- System level kill-switch (most common)
- App level kill-switch (kills specific apps, not entire internet connection)
Most VPNs include a system level kill-switch that will cut internet access to your entire system if the VPN connection fails. Some VPNs include both for greater flexibility/power.
System Level Kill Switch
This is the most simple and most common kill-switch variety. When activated, a system kill switch will completely cut internet access to the entire computer until the VPN reconnects or you reset the network adapter.
This is a brute-force method with little finesse, but it is quite effective at preventing IP leaks. Activating a this type of kill-switch is usually as simple as selecting 1 check box in your VPN software.
System-level Kill Switch in Private Internet Access’s software
As you can see it’s quite simple to activate.
VPN Providers with System Level Kill-Switch
Application Kill-Switch
The App level kill switch lets you choose which specific programs will be closed when the kill-switch activates. In my opinion this is a more useful feature because it allows greater control of how the switch activates.
Common programs you may want kill:
- Web browser (chrome, firefox, safari…)
- Torrent Client (utorrent, Vuze, Deluge…)
- Skype
Adding programs to the list is usually pretty simple. Below is an example from Torguard’s software.
Torguard’s App Kill-Switch
There are only a few VPN providers that feature an application kill-switch…
How to create your own Kill-Switch
Even if your VPN provider doesn’t offer a kill switch, you can still build your own with the help of some free software. You can create either a system or app-level kill switch based on the method you use.
Create a system kill switch with Comodo free firewall
Comodo Firewall is the best free firewall software anywhere. It’s great for getting maximum control of your network, because by default it assumes every connection is a threat until you grant access to that program (it’s as simple as clicking the ‘allow connection’ button).
With a little creativity, you can use custom rules in Comodo to make it a great kill-switch. This tutorial from nvpn will show you how to do it step-by-step.
Create an app-level switch
There are two free programs that will give you the ability to kill specific applications if your VPN connection drops.
First up is VPNetmon which is completely free and extremely easy to use. Just add your preferred programs to the list. Vpnetmon can autodetect your true IPaddress and VPN IP, so and it will activate it your IP switches. It has two modes, standard or paranoid which determines how often it checks for ip changes (as low as 1/10th second).
VPNCheck is offered either as freeware or a paid pro version. The free version will be enough for most users and can operate in either app-level or internet-level kill switch mode, giving you the best of both worlds.
How to reset internet access/kill-switch
I bet ‘your VPN broke my internet’ is one of the biggest complaints VPN tech support faces. Many users don’t realize how powerful the kill-switch actually is. In order to restore internet access you either have to do one of two things:
- reconnect to the VPN
- Reset your DCHP settings for you network adapter
Resetting DCHP is easy, just rightclick the network/wifi icon in your system tray and run the troubleshooter.
Run windows troubleshooter
When you run the troubleshooter you’ll get a message like “Cannot reach DCHP gateway”. All you have to do is click the ‘fix’ button and it will reset your network adapter and automatically restore internet access.
For additional info and resources, check out the ‘Help! My killswitch broke my internet’ thread on Reddit.
So do I need a kill switch?
Whether you need a kill switch or not is a completely personal decision. It depends mostly on what you intend to use your VPN for primarily. If it is essential that your real IP address never be exposed, you should definitely be using a kill-switch at all times.
Examples of people who need a kill-switch
- Bittorrent users/Filesharing
- Online activists (who need to remain anonymous)
- Online poker (accessing sites in another country)
People who should be less concerned
If you typically use your VPN for protecting sensitive data on wifi networks or for unblocking geo-restricted video streaming websites like Netflix, Hulu, Youtube, etc… then you probably don’t need a kill-switch (though there’s no harm in using one).
Conclusion
Now that you know how a kill-switch works (and how to build your own if your VPN doesn’t offer one) you should be well on your way to optimal online security.
Just be aware that dropped VPN connections are not the only source of IP leaks. The other most common leaks (for OpenVPN) are DNS Leaks, where your website lookup requests are accidentally routed to the wrong DNS server (outside the VPN tunnel).
Make sure to check out our VPN reviews for the most up to date and in-depth info on our favorite VPN providers.
NordVPN has both types of Internet kill switches.
It certainly does, one of the few providers to include both options in their desktop client.