What Is a VPN Kill Switch?
A VPN kill switch is a security feature that immediately blocks all internet traffic if the VPN connection drops unexpectedly. Without it, your device falls back to your regular ISP connection the moment the VPN tunnel fails - Exposing your real IP address until you reconnect.
Why Kill Switches Matter
| Scenario | Without Kill Switch | With Kill Switch |
|---|---|---|
| VPN client crashes mid-session | All traffic immediately routes through ISP - Real IP exposed | All traffic blocked until VPN reconnects |
| Network change (Wi-Fi to mobile) | VPN may reconnect slowly; traffic leaks during gap | Traffic blocked during transition |
| VPN server overloaded, connection dropped | Fallback to ISP without warning | Internet cut until you reconnect to working server |
| OS wake from sleep | VPN may not reconnect immediately | No traffic until VPN is active |
Types of Kill Switch Implementations
| Type | How It Works | Pros | Cons |
|---|---|---|---|
| Application-level | The VPN client monitors the tunnel and blocks specific apps if VPN drops | Allows non-VPN traffic for selected apps | Does not protect traffic outside the blocked app list |
| System-level (firewall) | Adds firewall rules (iptables, Windows Firewall) that block all non-VPN traffic | Comprehensive - Protects all traffic including background apps | Cuts all internet when VPN is off; must be disabled to use internet without VPN |
| Always-on VPN (OS-level) | Operating system enforces VPN for all apps with no bypass (Android, iOS) | Strongest protection; cannot be bypassed by any app | Requires OS-level configuration, may not be user-friendly |
How to Verify Your Kill Switch Works
- Connect to your VPN and note the IP shown on our VPN Leak Test.
- In your VPN client, enable the kill switch option.
- With the VPN still connected, force-close the VPN client process (Task Manager on Windows, Activity Monitor on macOS, or
killon Linux). - Immediately try to load a website or refresh the leak test page.
- If the kill switch works, the page should fail to load. If your real IP appears, the kill switch is not functioning.
- Reopen your VPN client, reconnect, and verify the VPN IP is showing again.
See also: Does My VPN Work? | VPN Logging Policies | Hide My IP Guide.