Killswitch

When using a VPN service to secure your internet connection and protect your privacy online, an unexpected disconnection from the VPN server can potentially expose your real IP address and traffic. This is where the VPN Killswitch feature comes in.

What is a VPN Killswitch?

The killswitch module activates when the VPN tunnel is initiated, before the secure connection is fully established. Once enabled, the killswitch blocks all network traffic outside of the VPN tunnel, with the following exceptions:

• Local network traffic: A separate module manages local network traffic, allowing communication within the local network environment.

• Bypassed processes and domains: The killswitch allows direct connections for specific processes or domains that are explicitly permitted through user-defined rules.

Use Cases

You're a remote worker handling sensitive company data. You're using a VPN to securely connect to the company network. The VPN Killswitch feature protects your data not only when the VPN connection drops but also when certain applications attempt to bypass the VPN tunnel. For example, even when the VPN is connected, some applications like qBittorrent can send traffic through all active network adapters, ignoring the system's routing settings. In such cases, an active Killswitch module blocks all traffic that tries to go outside the VPN tunnel, ensuring your data remains secure.

In another example, your business operations involve transferring large files containing sensitive data to clients or partners. You use a VPN to encrypt these transfers. An unexpected VPN drop during a transfer could expose a portion of the unencrypted data. With the Killswitch, the transfer would be halted until the secure VPN connection is reestablished.

Enabling Killswitch

In our VPN SDK, the Killswitch can be enabled in a couple ways:

1. By setting the EnableKillSwitch parameter to true when starting the VPN connection:

var startVpnRequest = new StartVpnRequest()
{
    AccessToken = loginResponse.AccessToken,
    Credentials = getCredentialsResponse.Credentials,
    EnableKillSwitch = true, //killswitch turned on
    VpnNode = node,
};

var vpnResponse = sdk.StartVpn(startVpnRequest);

1. By calling the EnableKillSwitch method on the SDK directly:

await sdk.EnableKillSwitchAsync().ConfigureAwait(false);  // Killswitch turned on

Disabling Killswitch

Similarly, the Killswitch can be disabled by setting EnableKillSwitch to false in the StartVpnRequest or by calling await sdk.DisableKillSwitch().ConfigureAwait(false);

Using Killswitch for Expected Disconnections

The Killswitch can also be used to prevent traffic leakage during an expected VPN tunnel shutdown. To do this:

1. Set the KeepKillSwitchEnabled property to true

2. Start the VPN with EnableKillSwitch set to true

3. Call the StopVpn() method o the SDK

The Killswitch will stay enabled and block traffic even after disconnecting.

var startVpnRequest = new StartVpnRequest()
{
    AccessToken = loginResponse.AccessToken,
    Credentials = getCredentialsResponse.Credentials,
    EnableKillSwitch = true, //killswitch turned on
    VpnNode = node,
};

var startVpnResponse = sdk.StartVpn(startVpnRequest);

var stopVpnRequest = new StopVpnRequest
{
    KeepKillSwitchEnabled = true,
};

var stopVpnResponse = sdk.StopVpn(stopVpnRequest);