I don’t know if it’s possible to implement “VPN kill switch” that instantly disables internet connection when VPN drops - if it is, kill switch would be a nice feature to have in the client.
I have zero interest in VPN providers’ own clients, I prefer open multiplatform VPN client.
One possible reason is that this had to be done on a per-OS basis.
Put it simply, it’s not part of their project.
Such “switches” should exist at Operating system or Firewall level.
Just remove your default route before connecting to the VPN, Add a static route for the IP of the VPN server via the gateway address that was your default.
If your VPN drops, the only thing you will be able to reach is the VPN server, and devices on your local network.
Lets say your VPN server is at 192.0.2.0 and this is your normal route table
client:~# ip route
default via 192.168.32.1 dev eth0
192.168.32.0/24 dev eth0 proto kernel scope link src 192.168.32.10
Drop your default and add a route to the vpn server
client:~# ip route
192.0.2.10 via 192.168.32.1 dev eth0
192.168.32.0/24 dev eth0 proto kernel scope link src 192.168.32.10
You mention OpenVPN. OpenVPN supports script hooks that could be easily used to modify your route table like above.
It is called a firewall.
This feature has been talked about at a few OpenVPN meetings that I have attended. The consensus is that it can already be done for all operating systems, and to add the killswitch to all platforms and configurations would be incredibly complicated and problematic.
It is easier to create guides for the people that want to it themselves on their particular platform.
You can roll your own.
As to why they don’t bake it in, not certain.
If you are on linux, look at interface up/down scripts.
Anyone know if there anyway to setup a kill switch on Android?
I don’t have root, probably makes it harder
All you have to do is connect to your VPN and then use iptables or the VPN configuration file itself to setup persistence aka a kill switch that only allows connections through the VPN in case it drops.
This exists at the OS level, just configure your route table properly.
Thank you, but quite a lot of links are to commercial VPN services and will likely result in your post getting deleted.
The assumption here is OpenVPN connect.
I posted many different how-to links that all relate to what I was talking about from many different places, not from a single source, so hopefully they wont mind.
I went with the cheapest VPN I could find that was outside of the USA and had a pretty good reputation, it was not one of the above.