VPNs are becoming increasingly popular with internet users all over the world. And it’s little wonder. We’re all trying to find ways to protect our privacy and security in an environment which sometimes makes that very hard to do.
By providing us with a fully-encrypted and private connection to the internet, a VPN gives us the safety and anonymity we want. That protection, however, is only as strong as its weakest link. A VPN kill switch is there to ensure that if and when that link breaks, we’re protected.
Why Are Kill Switches Needed
No service on the internet will ever be 100% reliable. That includes VPNs.
VPN connections are susceptible to malfunctions caused by several factors outside your control. These malfunctions include anything from partially sending traffic over an unsecured connection to full disconnects without warning (with the latter more common).
When a malfunction happens, the device using the VPN typically goes back to using its default internet connection. This happens automatically. Worse, this also usually happens without you being aware.
That default connection is of the standard, unencrypted (and therefore not private) variety. So just like that, your data once again become exposed to all types of potential risks.
VPN providers realize, of course, that’s a big problem, and most have a solution built right into their software. That solution is called a kill switch. It’s job, to automatically block all internet traffic the instant a VPN runs into any issues.
What is a VPN Kill Switch
Put simply, a VPN kill switch is a software feature that continuously monitors a VPN connection. It quietly runs in the background, looking for signs of trouble.
Most VPN services include one as part of the client application.
When it detects a problem, the kill switch triggers and stop all of your device’s traffic from reaching the internet. It effectively kills your connection.
Have you ever used a VPN to all of a sudden find your downloads have stopped and nothing is working? You’ve likely witnessed a killswitch in action. Yes, it can be annoying. But, don’t hate it for doing its job and keeping you protected.
Once your internet is disabled, it will stay it off until the VPN once again starts working. That may sometimes happen automatically after a few seconds (networks are finicky creatures). Other times, you may need to reconnect manually.
After the VPN connection is restored, the kill switch will go back to its default monitoring state.
You can also, of course, bring back your internet by turning off your VPN app. Just remember, you’ll no longer be protected.
How Does It Work
VPN kill switches can use a variety of monitoring and detection methods to determine the health of a connection.
The internet kill switch makes sure that only the IP associated with the VPN server is visible to the outside world. The moment that’s no longer the case, it pulls the plug.
Another popular implementation relies on the software keeping a continuous connection to a non-public IP, one that can only be reached by using the VPN. If that connection fails, the killswitch activates.
Either way, the net result is the same. As soon as there’s a problem, expect a quick disconnection of your device from the internet.
Why Use VPN Kill Switches
As mentioned earlier, many of us rely on VPNs to protect our security and privacy when using the internet. If the VPN fails, we’re no longer protected.
Most of the time that may be of little consequence. Sometimes, however, that’s far from being the case.
Take, for example, journalists and activists who use a VPN to prevent authoritarian regimes from tracking them. They cannot afford their data to go unprotected for even an instant.
Users of peer-to-peer file transfer software also must take special care. Many use VPNs to conceal their real IP address. If the VPN connection drops, their ISP-provided IP is plain to see. They become easy targets for any copyright trolls who may be monitoring their connection.
No matter what our reasons for using a VPN, a kill switch helps make sure we get the security and privacy benefits we expect at all times.
Which VPNs Have a Kill Switch
These days, many providers include an internet kill switch as part of their service. That doesn’t mean, however, that it is always obvious which ones do.
Part of the reason is that VPNs often adopt their own fancy sounding names for the feature. There is no real standardization.
When you’re looking for a VPN service, it’s usually possible to figure out which ones offer a kill switch by simply scanning over the homepage of their website. It’s something that’s so commonly requested that if it’s available, you can bet they’ll advertise it.
If the homepage says nothing, check out the features or FAQ sections of the site. If you’re still not sure or there is any ambiguity, talk to the provider’s customer support to get a straight answer.
Of the most popular VPN providers, here are three which I know for sure offer kill switch functionality. Where applicable, I’ve also included a screenshot of where to find the setting.
From a clean and intuitive client to many technologically advanced features (including, of course, a killswitch), this is a VPN that seems to be doing everything right.
NordVPN’s kill switch comes in two flavors. The first option is the classic one. It completely blocks access to the internet if a VPN drop is detected.
The second option lets you specify the exact apps you would like to have shut down if the VPN connection runs into problems. So you can, for example, have your BitTorrent client killed but continue to enjoy an uninterrupted experience in your browser (assuming, of course, you don’t care that your web browsing is no longer private).
Front and center in the NordVPN settings menu, the kill switch toggles are very easy to find.
NordVPN is based out of Panama (where online censorship or surveillance are not in anybody’s vocabulary) and does absolutely zero logging. So, complete privacy is assured.
Bottom line, Nord’s reputation as a top VPN provider is well deserved.
- Excellent download and upload speeds
- Large ever-expanding server network
- Great privacy with independently verified no logging policy
- Specialty servers (including double VPN, obfuscated, and Tor over VPN)
- Clean, easy to use client
- Works with Netflix and other streaming services
- Allows torrenting and P2P
- Offers dedicated IP addresses
- No split tunneling feature
- A bit pricey on shorter-term plans
Beside just turning off the internet, PureVPN gives you a few extra settings with which to tweak the kill switch. After a connection drop, you can have the client try to automatically re-connect to the VPN instead of you doing so by hand. I find I turn on this feature quite often. The less babysitting I have to do, the better.
Another option lets the kill switch trigger even if you disconnect from the VPN manually. This too can be rather useful. It basically prevents you from accidentally turning off the VPN while still doing something important.
You can easily toggle all the above settings in PureVPN’s client.
Infrastructure wise, PureVPN has servers in 129 countries around the world. This makes them the best of the best for geographical diversity. The performance of those servers is also right up there thanks to a recent upgrade cycle. So whether you like to stream 4K videos or are a heavy downloader, you’re in excellent hands.
PureVPN is one of the oldest and most popular VPNs around. They deliver on all fronts and are a provider you simply can’t go wrong with.
- Huge server network (129 countries)
- Fast speeds
- Unblocks Netflix, iPlayer, and over 70 other streaming services
- Compatible with over 50 devices and platforms
- Independently verified zero log VPN provider
- Dedicated IP option
- Great value
- Apps could use a bit more polish
- Some intermittent connection problems
When it comes to privacy, few other services do things better than CyberGhost. They have strong encryption, a strict no-logging policy, and operate out of a privacy-friendly country. It then only makes sense that a kill switch is available as a just-in-case back up to all those great anonymity features.
The kill switch included in CyberGhost’s software is always on (hence no screenshot on where to find it). For the vast majority of users, that’s a good thing. The feature works, and it works well.
If, however, you’re more of a VPN power user, there may be situations in which you would like it to be off. In that case you’ll need to look at one of the other providers.
CyberGhost delivers on all other fronts too. They have plenty of servers for you to choose from spread across the entire globe. This VPN also offers excellent download speeds and comes with client support many others should look up to as an example of doing things right.
- Zero logging for maximum privacy
- Excellent server distribution with over 6600 servers in 90 countries
- Very fast connection speeds
- Works with US Netflix and BBC iPlayer
- Allows P2P torrenting
- Long 45-day money-back guarantee
- Parent company with a questionable reputation
- Convoluted manual OpenVPN setup
- Doesn't work from China
Please note that the short list above is, of course, by no means exclusive. They’re just my personal favourite providers that implement this functionality. Many other VPNs do as well. For example, ExpressVPN has a kill switch as well. So do Private Internet Access and VyprVPN.
Enabling Connection Monitoring
Once you sign up with an internet kill switch VPN, the next step is to make sure the feature is enabled. The way to do it will vary depending on the software of your VPN provider.
For the most part, activating or deactivating the killswitch will simply be available in the settings menu of the VPN software. Every provider worth its salt will have specific instructions on how to find it.
It’s also important to find the setting before using the VPN for the first time. Not all providers enable the feature by default.
How to Test a VPN Kill Switch
Under normal conditions, it can be difficult to test an internet off switch. Really, the best way is to use the VPN and wait for an interruption. That said, there are a couple of simple ways in which you can try to force the feature to trigger.
Both ways involve streaming video.
Connect to the VPN and head over to Netflix, YouTube or any other major streaming service of your choice. Once there, start streaming a video in the highest quality available.
Next, momentarily disconnect your Wi-Fi or wired connection. Since speed is of the essence, the latter is a better choice.
The brief interruption should cause the VPN to disconnect and attempt to reconnect itself. When it disconnects, the video you’re playing should either pause or try to buffer. It shouldn’t recover until you see that the VPN has reconnected.
Alternatively, some VPN providers allow their kill switches to operate in a per-application mode. In other words, when the feature triggers, it closes applications that are using the internet instead of blocking your connection system-wide.
In this case, after repeating the video instructions given above, the web browser you’re using to stream should close the moment the VPN connection drops. If it does, your killswitch is working. If it doesn’t, something’s not quite right.
The Leading Causes of VPN Disconnects
Although a kill switch will help maintain your privacy in the event of VPN trouble, the best thing to do is to minimize the need for it to turn on in the first place.
When you understand what may cause a VPN to glitch out, you can then try to mitigate those factors as much as possible. The three most common causes of VPN disconnects are as follows.
More often than not, problems with VPN stability are traced back to issues affecting the underlying internet connection. Things like poor Wi-Fi signal strength lead to dropped data packets which ultimately lead to VPN disconnects.
The solution is simple. Either move closer to the Wi-Fi source or switch to a wired connection.
Beyond your local network, congestion and packet loss on the internet path between your home and the VPN server can cause problems too. These sort of issues are, unfortunately, entirely outside your control.
In this second case, the only option you have is to try and change the path your data takes. You can do so by connecting to a different VPN server.
Most VPN providers offer different levels of encryption for you to choose from. The higher and more secure the encryption, the more processing power it needs.
VPN connections may become unstable due to the lack of processing power necessary to handle encryption. Either the server or your device (or both) may have difficulty dealing with the overhead needed for higher levels.
If you suspect that’s the case, simply turn down the encryption to a lower setting (which will still be more than good enough for everyday use). If the VPN drops stop, you found your culprit.
Choice of VPN Protocol
Often, VPN providers also allow you to switch between the UDP or TCP connection protocol (especially with OpenVPN). For our purposes, the only thing you need to understand about these two settings is that TCP connections are more stable than UDP connections.
So, merely switching from UDP (which tends to be the default) to TCP may fix your VPN drops. Do note, however, that TCP connections tend to be a bit slower (which is why UDP is typically the default).
Router, Firewall, and Antivirus Settings
In some cases router settings, firewalls, and antivirus software may interfere with a VPN connection and cause it to become flaky.
The easiest way to check if this is the case is to disable all your firewalls and antivirus programs temporarily. If VPN stability improves, start re-enabling them one by one.
By using the process of elimination, you should be able to find out where the problem lies.
A VPN provider may also be able to tell you which specific settings to check. Don’t hesitate to contact support and ask for help.
Other Ways of Protecting Against VPN Drops
What happens in the situation where you think that having VPN kill switch is a great idea (it is) but the VPN provider you’ve been happily using for years doesn’t have one? There are a couple of third-party applications which can help.
VPNetMon is a freeware solution which provides IP address monitoring and, along with it, internet off switch functionality.
To use it, you start off by specifying the IP address assigned to your device after connecting to a VPN. You can go to a website like https://www.whatsmyip.org/ to find out what it is.
With the IP specified, open all internet-connected software (like your browser or P2P client) through VPNetMon’s interface.
If at any point the VPN connection drops, VPNetMon will detect a change of IP address. This will trigger the kill switch and quit all the software you’ve opened earlier through its interface.
Available in free and paid versions, VPN Watcher works in much the same way as VPNNetMon.
The paid version, however, allows for more frequent connection checking. That reduces the chances of a significant data leak when the VPN connection drops.
VPN Watcher can also control an unlimited number of internet-connected applications and has an option to suspend, rather than close, programs when a problem with the VPN is detected.
The Bottom Line
VPNs these days are quite robust, and constant connection drops are generally a thing of the past. That said, they still do happen occasionally.
If anonymity is one of your concerns and keeping your online activities private at all times important, a VPN kill switch is a must.
VPNs with Internet Kill Switch Comparison