What a VPN kill switch does (and when you need it)
Stopping accidental leaks when the tunnel drops — without drama.
A kill switch (sometimes called a firewall or network lock) blocks traffic that would otherwise leave your device outside the VPN tunnel. If the client reconnects or the tunnel fails, your real IP should not appear briefly on the open internet.
There are different implementations. Some block all traffic globally; others offer app-level rules or split tunneling exceptions. Always read what your client actually enforces on your platform — behaviour can differ between Windows, macOS, Linux, iOS, and Android because of OS APIs.
A kill switch complements DNS leak protection and protocol choice; it does not replace HTTPS, disk encryption, or careful sharing of credentials. After enabling it, disconnect the VPN on purpose once in a safe environment to confirm your apps behave as expected.
Key takeaways
- Test with a short deliberate disconnect on Wi‑Fi you control.
- Pair with always-on or auto-connect if your threat model needs it.
- Re-check after major OS upgrades; network stacks change often.