Pango Platform
HomeConsole
  • What is Pango Developer Platform
  • Getting started
    • Sign up on the Management Console
    • Create a new project
    • Switch projects
    • Change console settings
    • Edit your profile
    • Try out the demo app
    • Keep exploring
    • Deprecation and Sunset
  • Console details
    • Dashboard
      • General
      • Location loading
    • Users
      • User page
    • Active sessions
    • Network
      • Countries
      • Locations
      • Pools
        • Optimal location
        • Location rules
    • Settings
      • General
        • Project config description (JSON format)
          • Server selector (JSON format)
          • Request selector (JSON format)
      • Authentication methods
        • Auth Plugin requirements
      • VPN
        • General
        • VPN Bypass list
        • Client Networks
      • Member
    • Export Data
    • Log
  • SDK
    • Unified VPN SDK for Android
      • Setup
        • Application Setup
        • Proguard Rules, Notification, and Analytics Configurations
        • Backend URL Configuration
      • Usage
        • Initialization
        • VPN Interface
        • Backend interface
      • Features
        • Hydra Protocol
          • Location profile (Hydra only)
        • Custom sdk dependencies
        • Deferred VPN Service Initialization
        • Authentication
        • Client Network List (CNL)
        • OpenVPN transport
        • Wireguard Transport
        • Reconnection strategy
        • Single Protocol SDK
        • Killswitch
        • Domain route via VPN
        • Process route via VPN
        • Process Bypass
        • Domain Bypass
        • Traffic rules
        • VPN Node DNS Configuration
        • Multihop
          • Optimal Location
      • Exceptions
      • Version migration
      • Changelog
    • Unified VPN SDK for Apple
      • Setup
        • Application Setup
        • Network Extension Setup
          • Network Extension Setup for tvOS
        • Backend URL Configuration
      • Usage
        • Single Protocol SDK
        • Unified SDK
        • Logging
        • Decoding Encoded VPN SDK Logs
      • Features
        • Deferred VPN Service Initialization
        • Authentication
        • Wireguard Transport
        • Reconnection strategy
        • Killswitch
        • Domain Bypass
        • Multihop
          • Optimal Location
        • Client Network List (CNL)
        • Domain route via VPN
      • Changelog
      • API Reference
    • IPSEC VPN SDK for Apple
    • Unified VPN SDK for Windows
      • Setup
        • Backend URL Configuration
        • Service command line arguments
        • ARM Platform Support
      • Usage
        • CoreAPI
        • Events
        • Generating a Unique Device Identifier
        • Error processing
        • Pipe Messaging
      • Features
        • Traffic protection
          • Killswitch
          • Prevent IP Leaks
          • Block Local Networks
        • Other
          • Firewall
            • DNS Monitor
            • Process Bypass
            • Domain Bypass
            • Process route via VPN
            • Domain route via VPN
          • Throttling
          • Optimal Location
          • Common issues
        • Hydra Protocol
          • CustomDNS, UserDNS, MultiHop, VpnProfiles
        • OpenVPN Protocol
        • Wireguard Protocol
        • IPSec Protocol
      • Collecting Debug Logs
      • Changelog
    • Unified VPN SDK for Routers
      • SDK. Shared library.
      • Configuration Interface (CI)
        • Unix Domain Sockets CI
        • REST API CI
    • Unified VPN SDK Feature Comparison By Platform
    • Unified VPN SDK
      • Features
        • Personal Bridge
    • Tunnel Vision and Tunnel Crack Prevention
  • REST API
    • Partner API
  • Sample applications
    • Unified VPN SDK demo for Windows
    • Hydra VPN SDK demo for iOS
    • IPSEC VPN SDK demo for iOS
    • Unified VPN SDK demo for Android
    • Hydra VPN SDK demo for OpenWRT
    • OpenVPN configuration file
  • Resources
    • Use cases
      • Public VPN
      • Business VPN
        • Creating a Business VPN Project
        • Wi-Fi Security for Business
      • Application anti-blocking
    • How-to
      • Create a Firebase project for User Authentication
      • AWS CloudFront Distribution of the Platform URL
      • How can I get Shared Secret key from iTunes Connect for In-App Purchase
  • FAQ
    • General
      • VPN Platform Flow
      • What data is collected by the Platform?
      • What analytic data is collected by your SDK?
      • How the Platform restricts access to our data?
      • Why DNS Leak tests often indicate positive result?
      • Do we need to perform endpoint health checks?
      • How is the VPN exit node found?
      • How are streams re-marked if VPN is enabled/disabled on an active flow?
      • Is there a maximum number of supported devices?
      • Are both IPv4 and IPv6 supported?
      • What is the MTU of the tunnel?
      • Are any redundancy measures in terms of reliability provided?
      • Is there any load balancing?
      • Do you block broadcast and multicast to/from the VPN?
    • List of Open Source libs
Powered by GitBook
On this page
  • What is a VPN Killswitch?
  • Use Cases
  • Enabling Killswitch
  • Disabling Killswitch
  • Using Killswitch for Expected Disconnections

Was this helpful?

  1. SDK
  2. Unified VPN SDK for Windows
  3. Features
  4. Traffic protection

Killswitch

When using a VPN service to secure your internet connection and protect your privacy online, an unexpected disconnection from the VPN server can potentially expose your real IP address and traffic. This is where the VPN Killswitch feature comes in.

What is a VPN Killswitch?

The killswitch module activates when the VPN tunnel is initiated, before the secure connection is fully established. Once enabled, the killswitch blocks all network traffic outside of the VPN tunnel, with the following exceptions:

  • Local network traffic: A separate module manages local network traffic, allowing communication within the local network environment.

  • Bypassed processes and domains: The killswitch allows direct connections for specific processes or domains that are explicitly permitted through user-defined rules.

Use Cases

You're a remote worker handling sensitive company data. You're using a VPN to securely connect to the company network. The VPN Killswitch feature protects your data not only when the VPN connection drops but also when certain applications attempt to bypass the VPN tunnel. For example, even when the VPN is connected, some applications like qBittorrent can send traffic through all active network adapters, ignoring the system's routing settings. In such cases, an active Killswitch module blocks all traffic that tries to go outside the VPN tunnel, ensuring your data remains secure.

In another example, your business operations involve transferring large files containing sensitive data to clients or partners. You use a VPN to encrypt these transfers. An unexpected VPN drop during a transfer could expose a portion of the unencrypted data. With the Killswitch, the transfer would be halted until the secure VPN connection is reestablished.

Enabling Killswitch

In our VPN SDK, the Killswitch can be enabled in a couple ways:

  1. By setting the EnableKillSwitch parameter to true when starting the VPN connection:

var startVpnRequest = new StartVpnRequest()
{
    AccessToken = loginResponse.AccessToken,
    Credentials = getCredentialsResponse.Credentials,
    EnableKillSwitch = true, //killswitch turned on
    VpnNode = node,
};

var vpnResponse = sdk.StartVpn(startVpnRequest);
  1. By calling the EnableKillSwitch method on the SDK directly:

await sdk.EnableKillSwitchAsync().ConfigureAwait(false);  // Killswitch turned on

Disabling Killswitch

Similarly, the Killswitch can be disabled by setting EnableKillSwitch to false in the StartVpnRequest or by calling await sdk.DisableKillSwitch().ConfigureAwait(false);

Using Killswitch for Expected Disconnections

The Killswitch can also be used to prevent traffic leakage during an expected VPN tunnel shutdown. To do this:

  1. Set the KeepKillSwitchEnabled property to true

  2. Start the VPN with EnableKillSwitch set to true

  3. Call the StopVpn() method o the SDK

The Killswitch will stay enabled and block traffic even after disconnecting.

var startVpnRequest = new StartVpnRequest()
{
    AccessToken = loginResponse.AccessToken,
    Credentials = getCredentialsResponse.Credentials,
    EnableKillSwitch = true, //killswitch turned on
    VpnNode = node,
};

var startVpnResponse = sdk.StartVpn(startVpnRequest);

var stopVpnRequest = new StopVpnRequest
{
    KeepKillSwitchEnabled = true,
};

var stopVpnResponse = sdk.StopVpn(stopVpnRequest);
PreviousTraffic protectionNextPrevent IP Leaks

Last updated 22 days ago

Was this helpful?