What is a VPN kill switch?

A VPN kill switch is a safety feature that blocks internet traffic if the VPN connection drops. This prevents your real IP and DNS requests from leaking while the VPN reconnects.

Do I really need a kill switch?

If you care about privacy, yes. Without it, a brief VPN disconnect can expose your real IP to apps, torrents, or websites before you notice.

How can I test if my kill switch works?

Connect to your VPN, start a continuous connection (e.g., video stream), then force-quit the VPN or block it via firewall. A working kill switch should cut internet access until the VPN reconnects. Re-test on your IP leak page.

Why does my internet stop when the VPN disconnects?

That's the kill switch doing its job. It blocks traffic to prevent leaks. Disable it temporarily if you must use the internet without VPN, then re-enable it.

VPN Kill Switch Guide – What It Is, Why It Matters, and How to Test (2025)

What Is a Kill Switch?

A VPN kill switch is a fail-safe that blocks internet traffic if your VPN disconnects unexpectedly. Without it, apps and browser tabs can briefly use your normal connection, revealing your real IP and DNS requests.

Key idea: A kill switch buys you time. It cuts traffic the instant the VPN tunnel drops, and restores it only after a secure connection is back.

Types of Kill Switches

App-level kill switch: Built into the VPN app. Easy to enable, protects all traffic by blocking outside the tunnel.
System/OS-level (firewall-based): Uses OS firewall rules to allow only the VPN interface. Most robust; persists across app crashes.
Custom rules: Advanced users can write firewall rules (e.g., Windows Firewall, pf, iptables) to block everything except the VPN adapter.

Pro tip: Prefer VPNs that use system-level enforcement for their kill switch. It's harder to bypass during app crashes or sleep/wake transitions.

How to Enable a Kill Switch (Popular Platforms)

Windows

In your VPN app, open Settings → Security and toggle Kill Switch on.
Optional: Create Windows Firewall rules that only allow traffic when the VPN adapter is up.
Test below to confirm it actually blocks traffic on drop.

macOS

Enable the kill switch in the VPN app.
For stricter control, use a firewall app (e.g., Little Snitch/Lulu) to allow only VPN interface.
Reboot or re-connect; then test.

iOS & Android

Enable the kill switch or Always-on VPN / Block connections without VPN in OS settings (availability varies by version).
In the VPN app, turn on kill switch and leak protections.
Test on mobile data and Wi-Fi; behavior can differ.

Linux

Enable kill switch in the VPN app if supported (often iptables/nftables backed).
DIY: write iptables/nftables rules to drop traffic unless via the VPN interface.
Test with your leak page + curl to confirm blocking on drop.

How to Test Your Kill Switch (2 Minutes)

Connect to your VPN and open our IP & DNS Leak Test in one tab; start a video stream in another.
Force a drop: disconnect the VPN from the app, or force-quit the app.
Pass: Internet cuts off immediately. Tabs time-out. After the VPN reconnects, traffic resumes.
Fail: Pages keep loading using your real IP. Fix it using the steps below.

Heads up: Some apps (e.g., torrent clients) can maintain sockets during brief drops. Enable their built-in "use VPN network interface only" option where available.

Common Kill Switch Issues (and Fixes)

Works once, then fails: Re-install the VPN app; stale drivers/adapters can break enforcement.
Sleep/wake leaks: Disable sleep during sensitive tasks, or use a VPN with OS-level firewall enforcement.
Split tunneling bypass: Don't split-tunnel sensitive apps. Split rules can bypass the kill switch.
Custom DNS leaks: Force VPN DNS in the app; disable "use ISP DNS". Test again.
Captive portals/public Wi-Fi: Complete the portal first, then connect VPN + kill switch, then re-open sites.

Recommended VPNs with Reliable Kill Switch

We've had consistent success with these providers' kill switch implementations:

Get NordVPN Try Surfshark

or compare all options on Best VPNs for Privacy.

Related Guides

Summary

A kill switch is essential if you care about privacy. Turn it on, use providers with strong OS-level enforcement, avoid risky split tunneling, and test regularly. If something breaks, the fixes above usually solve it fast.