Understanding a VPN Kill Switch

VPNs are becoming increasingly popular with internet users all over the world. And it's little wonder. We're all trying to find ways to protect our privacy and security in an environment which sometimes makes that very hard to do.

By providing us with a fully-encrypted and private connection to the internet, a VPN gives us the safety and anonymity we want. That protection, however, is only as strong as its weakest link. A VPN kill switch is there to ensure that if and when that link breaks, we're protected.

Why Are Kill Switches Needed

No service on the internet will ever be 100% reliable. That includes VPNs.

VPN connections are susceptible to malfunctions caused by several factors outside your control. These malfunctions include anything from partially sending traffic over an unsecured connection to full disconnects without warning (with the latter more common).

When a malfunction happens, the device using the VPN typically goes back to using its default internet connection. This happens automatically. Worse, this also usually happens without you being aware.

That default connection is of the standard, unencrypted (and therefore not private) variety. So just like that, your data once again become exposed to all types of potential risks.

VPN providers realize, of course, that's a big problem, and most have a solution built right into their software. That solution is called a kill switch. It's job, to automatically block all internet traffic the instant a VPN runs into any issues.

What is a VPN Kill Switch

Put simply, a VPN kill switch is a software feature that continuously monitors a VPN connection. It quietly runs in the background, looking for signs of trouble.

Most VPN services include one as part of the client application.

When it detects a problem, the kill switch triggers and stop all of your device's traffic from reaching the internet. It effectively kills your connection.

Have you ever used a VPN to all of a sudden find your downloads have stopped and nothing is working? You've likely witnessed a killswitch in action. Yes, it can be annoying. But, don't hate it for doing its job and keeping you protected.

A kill-switch for the internet

Once your internet is disabled, it will stay it off until the VPN once again starts working. That may sometimes happen automatically after a few seconds (networks are finicky creatures). Other times, you may need to reconnect manually.

After the VPN connection is restored, the kill switch will go back to its default monitoring state.

You can also, of course, bring back your internet by turning off your VPN app. Just remember, you'll no longer be protected.

How Does It Work

VPN kill switches can use a variety of monitoring and detection methods to determine the health of a connection.

One of the most common ways involves using IP address detection. This works similar to how a site like https://ipleak.net/ does.

The internet kill switch makes sure that only the IP associated with the VPN server is visible to the outside world. The moment that's no longer the case, it pulls the plug.

Another popular implementation relies on the software keeping a continuous connection to a non-public IP, one that can only be reached by using the VPN. If that connection fails, the killswitch activates.

Either way, the net result is the same. As soon as there's a problem, expect a quick disconnection of your device from the internet.

Why Use VPN Kill Switches

As mentioned earlier, many of us rely on VPNs to protect our security and privacy when using the internet. If the VPN fails, we're no longer protected.

Most of the time that may be of little consequence. Sometimes, however, that's far from being the case.

Take, for example, journalists and activists who use a VPN to prevent authoritarian regimes from tracking them. They cannot afford their data to go unprotected for even an instant.

Users of peer-to-peer file transfer software also must take special care. Many use VPNs to conceal their real IP address. If the VPN connection drops, their ISP-provided IP is plain to see. They become easy targets for any copyright trolls who may be monitoring their connection.

No matter what our reasons for using a VPN, a kill switch helps make sure we get the security and privacy benefits we expect at all times.

Which VPNs Have a Kill Switch

These days, many providers include an internet kill switch as part of their service. That doesn't mean, however, that it is always obvious which ones do.

Part of the reason is that VPNs often adopt their own fancy sounding names for the feature. There is no real standardization.

When you're looking for a VPN service, it's usually possible to figure out which ones offer a kill switch by simply scanning over the homepage of their website. It's something that's so commonly requested that if it's available, you can bet they'll advertise it.

If the homepage says nothing, check out the features or FAQ sections of the site. If you're still not sure or there is any ambiguity, talk to the provider's customer support to get a straight answer.

Of the most popular VPN providers, here are three which I know for sure offer kill switch functionality. Where applicable, I've also included a screenshot of where to find the setting.

PureVPN logoPureVPN

Pros
  • Fast speeds
  • Top notch geographical server diversity (143 countries)
  • Compatible with over 50 platforms and devices
  • Innovative split tunneling feature
  • Dedicated IP option
Cons
  • No quick start option
  • Some potential security issues with DNS leaks
  • Select servers can have intermittent connection problems

One of my go-tos, PureVPN's simple to use client comes packed with many advanced technologies. In addition to a kill switch, it also includes ad-blocking and server-level antivirus.

Beside just turning off the internet, PureVPN gives you a few extra settings with which to tweak the kill switch. After a connection drop, you can have the client try to automatically re-connect to the VPN instead of you doing so by hand. I find I turn on this feature quite often. The less babysitting I have to do, the better.

Another option lets the kill switch trigger even if you disconnect from the VPN manually. This too can be rather useful. It basically prevents you from accidentally turning off the VPN while still doing something important.

You can easily toggle all the above settings in PureVPN's client.

Location of internet kill switch in PureVPN client app

Infrastructure wise, PureVPN has servers in 143 countries around the world. This makes them the best of the best for geographical diversity. The performance of those servers is also right up there thanks to a recent upgrade cycle. So whether you like to stream 4K videos or are a heavy downloader, you're in excellent hands.

PureVPN is one of the oldest and most popular VPNs around. They deliver on all fronts and are a provider you simply can't go wrong with.

Visit PureVPN's Website

NordVPN logoNordVPN

Pros
  • Anonymous provider with zero logging
  • Nearly 5000 servers in 62 countries (and growing)
  • Great server performance across the board
  • Purpose optimized servers, including streaming and P2P
  • Clean, easy to use client
  • Industry leading six simultaneous connections
Cons
  • Can't pick specific cities to connect to
  • A few nice-to-haves missing from the macOS client

Plenty of people consider NordVPN one of the top, if not the top, services in the market. And seeing how I use them on a nearly daily basis, I fully agree.

From a clean and intuitive client to many technologically advanced features (including, of course, a killswitch), this is a VPN that seems to be doing everything right.

NordVPN's kill switch comes in two flavors. The first option is the classic one. It completely blocks access to the internet if a VPN drop is detected.

The second option lets you specify the exact apps you would like to have shut down if the VPN connection runs into problems. So you can, for example, have your BitTorrent client killed but continue to enjoy an uninterrupted experience in your browser (assuming, of course, you don't care that your web browsing is no longer private).

Front and center in the NordVPN settings menu, the kill switch toggles are very easy to find.

Location of internet kill switch in NordVPN client app

NordVPN is based out of Panama (where online censorship or surveillance are not in anybody's vocabulary) and does absolutely zero logging. So, complete privacy is assured.

They also run an impressive and evergrowing number of servers across 62 countries. Those servers can take any form of punishment you throw at them too (as evidenced by my NordVPN speed tests).

Bottom line, Nord's reputation as a top VPN provider is well deserved.

Visit NordVPN's Website

CyberGhost logoCyberGhost

Pros
  • True zero logging for maximum privacy
  • Excellent server distribution with over 3000 servers in 60 countries
  • Fast connection speeds
  • Very generous seven simultaneous connections limit
  • Allows P2P torrenting
  • Long 45-day money back guarantee
Cons
  • Expensive if you pay monthly (very affordable if you don’t)
  • Performance could be better in a few countries
  • macOS client missing some features

When it comes to privacy, few other services do things better than CyberGhost. They have strong encryption, a strict no-logging policy, and operate out of a privacy-friendly country. It then only makes sense that a kill switch is available as a just-in-case back up to all those great anonymity features.

The kill switch included in CyberGhost's software is always on (hence no screenshot on where to find it). For the vast majority of users, that's a good thing. The feature works, and it works well.

If, however, you're more of a VPN power user, there may be situations in which you would like it to be off. In that case you'll need to look at one of the other providers.

CyberGhost delivers on all other fronts too. They have plenty of servers for you to choose from spread across the entire globe. The VPN offer excellent download speeds and comes with client support many others should look up to as an example of doing things right.

Visit CyberGhost's Website

Please note that the short list above is, of course, by no means exclusive. There are many VPNs that implement this functionality. For example, ExpressVPN has a kill switch as well. So do Private Internet Access and IPVanish.

Enabling Connection Monitoring

Once you sign up with an internet kill switch VPN, the next step is to make sure the feature is enabled. The way to do it will vary depending on the software of your VPN provider.

For the most part, activating or deactivating the killswitch will simply be available in the settings menu of the VPN software. Every provider worth its salt will have specific instructions on how to find it.

It's also important to find the setting before using the VPN for the first time. Not all providers enable the feature by default.

How to Test a VPN Kill Switch

Under normal conditions, it can be difficult to test an internet off switch. Really, the best way is to use the VPN and wait for an interruption. That said, there are a couple of simple ways in which you can try to force the feature to trigger.

Both ways involve streaming video.

Connect to the VPN and head over to Netflix, YouTube or any other major streaming service of your choice. Once there, start streaming a video in the highest quality available.

Next, momentarily disconnect your Wi-Fi or wired connection. Since speed is of the essence, the latter is a better choice.

The brief interruption should cause the VPN to disconnect and attempt to reconnect itself. When it disconnects, the video you're playing should either pause or try to buffer. It shouldn't recover until you see that the VPN has reconnected.

Alternatively, some VPN providers allow their kill switches to operate in a per-application mode. In other words, when the feature triggers, it closes applications that are using the internet instead of blocking your connection system-wide.

In this case, after repeating the video instructions given above, the web browser you're using to stream should close the moment the VPN connection drops. If it does, your killswitch is working. If it doesn't, something's not quite right.

The Leading Causes of VPN Disconnects

Although a kill switch will help maintain your privacy in the event of VPN trouble, the best thing to do is to minimize the need for it to turn on in the first place.

When you understand what may cause a VPN to glitch out, you can then try to mitigate those factors as much as possible. The three most common causes of VPN disconnects are as follows.

Network Conditions

More often than not, problems with VPN stability are traced back to issues affecting the underlying internet connection. Things like poor Wi-Fi signal strength lead to dropped data packets which ultimately lead to VPN disconnects.

The solution is simple. Either move closer to the Wi-Fi source or switch to a wired connection.

Beyond your local network, congestion and packet loss on the internet path between your home and the VPN server can cause problems too. These sort of issues are, unfortunately, entirely outside your control.

In this second case, the only option you have is to try and change the path your data takes. You can do so by connecting to a different VPN server.

Encryption Settings

Most VPN providers offer different levels of encryption for you to choose from. The higher and more secure the encryption, the more processing power it needs.

VPN connections may become unstable due to the lack of processing power necessary to handle encryption. Either the server or your device (or both) may have difficulty dealing with the overhead needed for higher levels.

If you suspect that's the case, simply turn down the encryption to a lower setting (which will still be more than good enough for everyday use). If the VPN drops stop, you found your culprit.

Choice of VPN Protocol

Often, VPN providers also allow you to switch between a UDP or a TCP connection protocol. For our purposes, the only thing you need to understand about these two settings is that TCP connections are more stable than UDP connections.

So, merely switching from UDP (which tends to be the default) to TCP may fix your VPN drops. Do note, however, that TCP connections tend to be a bit slower (which is why UDP is typically the default).

Router, Firewall, and Antivirus Settings

In some cases router settings, firewalls, and antivirus software may interfere with a VPN connection and cause it to become flaky.

The easiest way to check if this is the case is to disable all your firewalls and antivirus programs temporarily. If VPN stability improves, start re-enabling them one by one.

By using the process of elimination, you should be able to find out where the problem lies.

A VPN provider may also be able to tell you which specific settings to check. Don't hesitate to contact support and ask for help.

Other Ways of Protecting Against VPN Drops

What happens in the situation where you think that having VPN kill switch is a great idea (it is) but the VPN provider you've been happily using for years doesn't have one? There are a couple of third-party applications which can help.

VPNetMon

VPNetMon is a freeware solution which provides IP address monitoring and, along with it, internet off switch functionality.

Screenshot of the VPNetMon monitoring tool

To use it, you start off by specifying the IP address assigned to your device after connecting to a VPN. You can go to a website like http://www.whatsmyip.org/ to find out what it is.

With the IP specified, open all internet-connected software (like your browser or P2P client) through VPNetMon's interface.

If at any point the VPN connection drops, VPNetMon will detect a change of IP address. This will trigger the kill switch and quit all the software you've opened earlier through its interface.

VPN Watcher

Available in free and paid versions, VPN Watcher works in much the same way as VPNNetMon.

Screenshot of the VPN Watcher monitoring tool

The paid version, however, allows for more frequent connection checking. That reduces the chances of a significant data leak when the VPN connection drops.

VPN Watcher can also control an unlimited number of internet-connected applications and has an option to suspend, rather than close, programs when a problem with the VPN is detected.

The Bottom Line

VPNs these days are quite robust, and constant connection drops are generally a thing of the past. That said, they still do happen occasionally.

If anonymity is one of your concerns and keeping your online activities private at all times important, a VPN kill switch is a must.

Internet Kill Switch VPN Provider Summary

Rank
Provider
Kill Switch
Features
Cost
1

Speed Test | Server List
Yes
Countries:143
Servers:2000+
IPs:-
Protocols:OpenVPN, L2TP, PPTP, SSTP, IPSec/IKEv2
Platforms:Win, Mac, Linux, iOS, Android, Routers
Connections:5
Logging:Connection Time Stamps, Connection Data Transfer Amount
Location:Hong Kong
1 Month Plan:$10.95/month
Yearly Plan:$2.99/month
Free Trial:No
Money Back:31 Days
Payment:Credit Card, PayPal, BitCoin, Alipay, Major Gift Cards, CashU, Other Cryptocurrencies, Paymetwall
Visit PureVPN >>
2

Speed Test | Server List
Yes
Countries:62
Servers:4889
IPs:-
Protocols:OpenVPN, L2TP, PPTP, IPSec/IKEv2
Platforms:Win, Mac, Linux, iOS, Android, Routers
Connections:6
Logging:No Logging
Location:Panama
1 Month Plan:$11.95/month
6 Month Plan:$9.00/month
Yearly Plan:$3.99/month
Free Trial:No
Money Back:30 Days
Payment:Credit Card, PayPal, BitCoin, Paymentwall
Visit NordVPN >>
3

Speed Test | Server List
Yes
Countries:60
Servers:3000+
IPs:-
Protocols:OpenVPN, L2TP/IPSec, PPTP
Platforms:Win, Mac, Linux, iOS, Android, Kodi, Routers
Connections:7
Logging:No Logging
Location:Romania
1 Month Plan:$11.99/month
6 Month Plan:$4.99/month
Yearly Plan:$2.75/month
Free Trial:Yes
Money Back:45 Days
Payment:Credit Card, PayPal, Bitcoin
Visit CyberGhost >>

Leave a Reply