VPN kill switch

A VPN kill switch is a feature built into some VPN apps that cuts off your internet if the connection to the VPN server drops.

A Virtual Private Network or VPN routes all the internet data going to and from your phone or laptop through a server in a location of your choosing. Between your device and the VPN server, all incoming and outgoing data is encrypted.

For any number of reasons, your secure connection to the VPN server can be disrupted without you being aware of it. Without a VPN kill switch, data would continue to flow over a direct, unencrypted connection. Even a momentary failure can reveal information that VPNs are meant to keep private, including:

  • Your location
  • IP address
  • DNS traffic
  • IP traffic
  • WebRTC traffic

If a kill switch is active, it will kick in as soon as the VPN connection drops. Until the VPN connection is reestablished, no data can be transmitted over the internet, keeping your data, IP address, and location private.

When to use a VPN kill switch

We recommend enabling your VPN’s kill switch at all times if you want to maximize privacy. But here are a few situations when kill switches are particularly handy:

  • Torrenting, to prevent leaking your IP address to peers in a swarm
  • On public wi-fi connections that hackers could compromise
  • On mobile, when connections frequently drop and reconnect
  • When using Tor browser, to hide your Tor connection from your ISP
  • If you think your connection is being spied on or monitored

In short, kill switches are a must in scenarios when even a very brief lapse in privacy is not tolerable.

What VPNs have kill switches?

Most quality VPN providers offer kill switches on at least some of their apps. Kill switches are more common on desktops than on mobile. Here’s a breakdown of some of the top VPNs and their support for kill switches on major operating systems:

Note that newer versions of Android have a built-in kill switch feature that you can enable in the operating system’s settings. Some VPNs, such as NordVPN, advise users to employ Android’s built-in kill switch instead of putting one in their apps.

Why do VPN connections fail?

VPN connections drop for several reasons:

  • Your internet connection temporarily fails or is disrupted, perhaps due to a poor signal
  • The VPN server goes down
  • You change connection interfaces, such as from wi-fi to mobile data or from LAN to wi-fi
  • You change networks, such as from one wi-fi network to another
  • Your firewall or antivirus settings cause your connection to drop
  • The connection to the server is blocked, such as by China’s Great Firewall
  • Routing issues between the user and the VPN server
  • The VPN app crashes

Not all kill switches are equal

We often discuss VPN kill switches in black-and-white terms; either a VPN has a kill switch, or it doesn’t. But kill switches vary in how they work and how well they work in all of the potential disruption scenarios listed above. In some scenarios, between your VPN disconnecting and the app detecting that it did, data can leave your computer over the direct, unencrypted connection.

For example, a VPN’s kill switch might kick in if your wi-fi router goes down, but not if the VPN app crashes. A 2017 study by Comparitech found that most VPNs leak data in certain network disruption scenarios despite having kill switches. NordVPN and ExpressVPN proved to be the most leak-proof in those tests.

Most kill switches are all or nothing, meaning that all internet traffic is halted when the kill switch kicks in. But some VPN providers, such as NordVPN and Hide My Ass!, have app-specific kill switches. This allows the user to choose which apps are cut off from the internet in the event of a failed VPN connection and which can continue to use an unencrypted, direct connection.

How do I activate my VPN kill switch?

Every app is different, but you can usually enable or disable a VPN app’s kill switch somewhere in the settings. Some VPNs enable their kill switch by default, while others require users to activate it.

Hotspot Shield settings screen.

Some VPNs have a different name for their kill switch. ExpressVPN calls its kill switch a “network lock”, while Windscribe simply calls it a firewall.

Some VPNs might have always-on kill switches that can’t be turned off.

You can turn on Android’s native kill switch by going to Settings > Wireless and networks > More > VPN. This works in Android 7 and later.

VPN kill switch FAQs

Can I make my own kill switch?

It is possible to configure a firewall to allow internet traffic only while the VPN is connected. But every server must be configured manually, and it’s easy to overlook certain data leaks or disruption scenarios. We don’t recommend configuring your own kill switch unless you’re confident in your networking skills.
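
The firewall approach described above, sketched as an added example that is not part of the original article: a shell function that prints (but does not run) the ufw commands for a default-deny policy, with one allow rule per VPN server and one for the tunnel interface. The interface name tun0, the endpoint format and the server addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: print (do not run) ufw commands for a firewall kill switch.
# Interface name and endpoints are constructed sample values (assumptions).

# Usage: killswitch_rules TUN_IF ENDPOINT...
# ENDPOINT is ip:port/proto, e.g. 203.0.113.10:1194/udp (IPv4 only here).
killswitch_rules() {
    tun_if=${1:-}
    [ "$#" -gt 0 ] && shift
    case $tun_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $tun_if" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "need at least one VPN endpoint" >&2; return 1; }

    # Validate every endpoint first so a typo never yields half a rule set.
    for ep in "$@"; do
        ip=${ep%%:*}; rest=${ep#*:}; port=${rest%%/*}; proto=${rest#*/}
        case $ip in ''|*[!0-9.]*) echo "bad IPv4 address: $ep" >&2; return 1 ;; esac
        case $port in ''|*[!0-9]*) echo "bad port: $ep" >&2; return 1 ;; esac
        case $proto in udp|tcp) ;; *) echo "bad protocol: $ep" >&2; return 1 ;; esac
    done

    # Default-deny in both directions: nothing leaves unless a rule allows it.
    echo "ufw default deny outgoing"
    echo "ufw default deny incoming"
    # On the physical link, only the encrypted tunnel to each server is allowed.
    for ep in "$@"; do
        ip=${ep%%:*}; rest=${ep#*:}; port=${rest%%/*}; proto=${rest#*/}
        echo "ufw allow out to $ip port $port proto $proto"
    done
    # All other traffic may leave only through the tunnel interface.
    echo "ufw allow out on $tun_if from any to any"
    echo "ufw enable"
}

# Constructed sample: two servers (documentation-range addresses), UDP 1194.
killswitch_rules tun0 203.0.113.10:1194/udp 198.51.100.7:1194/udp
```

Because the rules live in the firewall, they stay in force whether or not the VPN app is running; each additional server needs its own endpoint argument.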

Is there a way to ensure my VPN connection never drops out?

Unfortunately, no. As we mentioned above, there are several reasons why a VPN connection might drop, and since they’re all caused by different factors, there’s no one way to prevent them all. The best way to protect yourself against any and all of these issues is to use a VPN with a quality kill switch.

Are there other ways to protect against disconnections?

The main ways to protect against disconnections are to ensure your VPN software is up to date, turn off power-saving features on your system (if they’re enabled), and tweak some VPN settings if disconnecting becomes a regular occurrence.

Can I use a VPN kill switch and split tunneling simultaneously?

Yes, using a VPN kill switch and split tunneling simultaneously is possible. This can be useful in scenarios where you want to protect your internet connection from exposure but also allow specific applications or websites to bypass the VPN and access the internet without encryption. To do this, configure your VPN client to activate the kill switch if its connection drops and specify which applications and websites should use the split tunneling feature. This way, all traffic from unselected applications or websites will be blocked when the VPN fails, but only traffic from selected sources will go through the VPN.

Read more: How to make a VPN kill switch in Linux with UFW