Using a VPN service is great for that warm sense of security that comes from knowing your online activity is hidden from view. Unfortunately, even the most stable connections occasionally ‘fail’ (disconnect from the VPN server). When this happens, the data packets are usually just routed through you ISP as normal, leaving your activity exposed. This can be particularly dangerous for people who leave BitTorrent clients running while they are away from their computers, as it means that trackers can be used to identify who they are, and what they are downloading.
Fortunately, there are now a number of ways to prevent either the whole computer, or selected programs accessing the internet once a VPN connection has been disconnected.
1. VPN clients with an ‘internet kill switch’
Perhaps the simplest way to ensure that no programs access the internet except over VPN, is to use am ‘internet kill switch’ built into your providers VPN client. Choosing this setting in the client’s Settings dialogue will prevent all traffic in and out of the computer in the event of a VPN fail.
Unfortunately this is a feature that we don’t see often enough, but is becoming more common. Some providers who do include a kill switch in their VPN clients are:
- Private Internet Access (Windows & OSX) – Settings/VPN kill switch
- CyberGhost (Windows & OSX) – Settings/General/Action in the event of lost connection
- Mullvad – (Windows, OSX & Linux) -Settings/Block the internet on connection failure
- Hide My Ass – Secure IP bin
- AirVPN (‘Network Lock’)
*Update March 2016: Please note this list is far from exclusive, as kill switches have become much more common since this article was first published.
Occasionally you may encounter problems re-connecting to the internet using this method. This is easily fixed by right-clicking on your internet connection and selecting ‘Troubleshoot problems’, which will reset your adaptor.
2. Use Vuze to download torrents
The popular BitTorrent client Vuze now (starting with version 184.108.40.206) includes a feature that detects whether it is running over VPN. If it finds that it’s not, it will alert the user with a pop-up warning, asking if they wish to only use the client over VPN. In theory this should work automatically, but when we tried, it didn’t. It is however not too difficult to set up manually.
a) Make sure that your VPN connection is active, then in Vuze go to Tools -> Options -> and select ‘Advanced’ under ‘User Proficiency’
b) Then go to Connection -> Advanced Network Settings and look through the list for your VPN connection. It will look something like:
Windows (PPTP/L2TP) – WAN Miniport
Windows (OpenVPN) – Tap-Win32 Adapter V9
OSX – tun0 (or whatever network interface displays your VPN IP address)
Enter the interface name in the ‘Bind to local IP address or interface’ dialogue above the list
c) Head down to the bottom of the list and make sure you check ‘Enforce IP bindings…’
d d) The little routing icon at the bottom of the Vuze client should now show green to let you know everything is working correctly. If you disconnect from your VPN provider the icon should turn red, and all torrent downloads will come to a stop.
3. Use VPNetMon
(Windows XP, Vista & 7)
VPNetMon is, as the name suggests, a VPN monitor that can be downloaded for free from here. It works by keeping a continual eyeon the IP address of your VPN, and if it is not detected will close any specified programs at once. According to Felix the creator, this happens so quickly that no new connection will be made from your real IP address.saa
a) Download, extract and run VPNetMon, then click ‘Opt’
b) You need to select any programs you want to shut down when the VPN disconnects (1). You must then enter the first part of your VPN’s IP in the VPN IP Start box (2). This number can be found in one of the lower IPV4 Address boxes (3) when you are connected to your VPN
c c) When you now connect to your VPN as normal, you should see your VPN IP address in one of the lower IPV4 Addresses boxes showing green (4). Programs you wish protected (which you selected in step b), should be launched from within the VPNetMon (5)
d d) you can test that everything is working correctly by disconnecting from your VPN. All specified programs will immediately shut down.
4. VPN Check
(Windows & Linux)
VPNCheck is another VPN monitoring program that will close down any specified programs when your VPN connection fails. Unlike VPNetMon, VPN Check is commercial piece of software that has a basic free edition, and a more fully featured Pro edition. We used the Free edition, but both versions can be downloaded from here .
a) Download, install and run VPN Check, then Click on ‘Config’
b) Fill in your VPN account info (1). Although the documentation says that VPN Check works best with the ‘classic’ OpenVPN client, we found it worked just fine with the Private Internet Access’s custom software. Next add any programs (2) you want to shut down in the event of a VPN disconnect and close the window (the free version allows a maximum of 3 programs to be added here)
c) Back at the Status screen, choose either ‘Cycle: IP Task’ to shut down the individual programs you selected above if your VPN disconnects, or ‘Cycle IP: Network’ to shut down your whole internet connection
5. Manually configure your OS settings
Arguably the most secure way of ensuring that certain programs, or your entire internet connection, shuts down when disconnected from a VPN server is to fiddle with the inner workings of your OS. This has the advantage of not needing to rely on third party software, which may go wrong, and is a more direct approach. However it is complicated, and will require some research and computer know-how. To get you started, here is a guide to changing TC/IP routes in Windows, and one on setting up firewall rules in Ubuntu. Good luck!
Sooner or later every VPN user starts to worry about what will happen if their VPN connection drops while they are away. After all, we all know it happens from time to time, and what is the point of using VPN if your online activity can be exposed for all to see, sometimes for hours at a time, because you weren’t around to close down your programs? Well, as we have seen above, there are a number of methods available (most of them free) to help give you piece of mind.
Update 7 February 2014: We have just reviewed another ‘VPN kill switch’ program, VPN Watcher (Windows & OSX). Also, PIA’s Android app now includes the kill switch feature found in its desktop client.
Update 15 July 2014: We have written an article explaining Build your own VPN kill switch in Windows using Comodo.