I have a separate computer exclusively for VPN usage. How do I ensure internet does NOT work without VPN? (I don't want to rely on Kill Switch)

I have a computer, and every single thing over this computer has to go through VPN.

But I have other devices (phones and laptops) that shouldn’t be connected to VPN. So, not looking for a new router.

How do I ensure that the computer dedicated for VPN does NOT work without VPN?

I mean to say, I want to remove the connectivity options to internet without VPN.

I don’t want to rely on Kill Switch alone.

For now, I’m using the computer with Wi-Fi, but will soon move to Ethernet connection.

Thanks in advance!

Add one of their dns entries to the network adapter properties. That way websites won’t display unless connected

You can buy special purpose mini-PCs and install OPSense on them to act as a dedicated, external VPN box that sits between your computer and your existing router/switch or modem/internet service provider. Your computer will not even know it is communicating with the internet through a VPN tunnel. Because you’re setting up your VPN traffic as a NAT rule, OPSense cannot send traffic outside of the VPN tunnel, regardless if the VPN servers are up or down.

Example, of mini-PC: https://www.aliexpress.com/item/1005005535612244.html

There are tons of similar PCs with a vast array of specs and capabilities.

Then install OPSense and setup WireGuard and NAT: https://0x2142.com/how-to-protect-your-home-network-with-mullvad-vpn-opnsense/

Note that OPSense is not meant to be a software switch. If you want more than one device to go through this VPN box/router, you will also need a normal network switch.

You can put this VPN box between your computer and your existing router/switch/modem, and that way you can have only the computer go through VPN (without even knowing) and everything else not go through the VPN.

PS. If performance/bandwidth is important, you need a mini-PC with some oumph. For instance, Intel J4125 based machines can only do around 500 mbit/s over WireGuard in OPNsense: https://www.reddit.com/r/OPNsenseFirewall/comments/11vjbl7/j4125_with_intel_225_wireguard_performance/

Newer chips such as N100 have around twice the performance of J4125, so they should be able to go faster: https://www.cpu-monkey.com/en/compare_cpu-intel_celeron_j4125-vs-intel_processor_n100

This is how I do this.

I place the system on a separate VLAN (configured in my router, you need a good router for this). Then, on that VLAN I block every IP address using the firewall rules except for the IP address of the VPN server. Voila, I have a safety net, only my VPN’s IP address can be reached. It has worked well for me for a few years now.

I believe that’s what lockdown mode does

Mullvad’s VPN app, at least for the Mac, has the features, where you can stipulate what apps must go via VPN and you can also set it to prohibit any traffic from going other than via VPN.