Skip to main content

Top10VPN is editorially independent. Buying a VPN through our links supports our work.

What Is a VPN Kill Switch?

Updated Jun 2, 2026

JP Jones

JP Jones is our CTO. He has over 25 years of software engineering and networking experience, and oversees all technical aspects of our VPN testing process. Read full bio

Fact-checked by Simon Migliano

The Short Answer

A VPN kill switch is a security feature that automatically cuts your internet connection if your VPN unexpectedly drops, stopping your real IP address and online activity from leaking to your ISP or any websites you visit. Most kill switches restore your connection automatically once the VPN reconnects.

VPN kill switch cuts off the internet connection

When you’re connected to a trusted VPN server, your internet traffic is encrypted and your real IP address remains hidden.

However, if your VPN connection drops for even a second, due to a weak WiFi signal for instance, your IP address and online activity become visible to the websites you’re using as well as your internet service provider (ISP).

A kill switch closes that gap. As soon as it detects a dropped VPN connection, it blocks your device from the internet so nothing leaves it unprotected, and only restores access once the VPN is securely reconnected.

That’s why we recommend keeping a kill switch enabled at all times, especially if you’re concerned about what someone might do with your IP address.

Keep in mind, though, that not every VPN includes one, and reliability varies depending on your device, your VPN protocol, and the provider itself. That’s exactly why it’s worth testing yours, which you can do further down this page.

Why Trust Us?

We’re fully independent and have been reviewing VPNs since 2016. Our advice is based on our own testing results and is unaffected by financial incentives. Learn who we are and how we test VPNs.

'What Is a VPN Kill Switch, Why You Should Use It & How to Check it Works' video thumbnail

When Should You Use a VPN Kill Switch?

You should keep a kill switch on at all times to ensure your data is kept private and secure.

In a coffee shop, a MacBook connects to public WiFi with ExpressVPN connected to a New York server.

We used ExpressVPN to safely connect to our local coffee shop’s WiFi.

However, there are specific situations where a functioning kill switch is essential:

1. Using Public WiFi

You are more vulnerable to cyberattacks when using public WiFi. On a public network it’s not clear who set it up, who else is connected to it, and if it’s being monitored.

Here are some common risks associated with public WiFi:

Man-in-the-Middle (MitM) Attacks: This refers to any situation in which a third party interferes in communications between your device and the network you’re connecting to.
Fake hotspots: An attacker mimics a public WiFi network by using a legitimate name such as ‘Free_Airport_WiFi’. The attacker can easily access the sensitive data of anyone who connects to this network.
Session hijacking: A third party can monitor your browsing activity to gain the necessary information to hijack your online accounts.

As many devices often connect to a public WiFi network simultaneously, these networks tend to be unstable and frequently drop connections. This unreliability can cause the VPN to disconnect, potentially exposing your sensitive data.

To protect against this, you can use a VPN optimized for public WiFi to encrypt your connection and conceal your browsing activity.

However, if your VPN connection fails while on a public network then you risk exposing your personal data to all the threats listed above. As such, it is vital you use a VPN with a kill switch on public WiFi.

2. Torrenting

You should always torrent while connected to a VPN to conceal your real IP address and file-sharing activity.

Without a safe torrenting VPN, your true IP address and identity will be visible to your ISP, copyright trolls, and even the content owners.

A VPN protects you when torrenting by:

Concealing your identity: By connecting to a VPN your real IP address is replaced by that of the VPN server. All of your online activity is encrypted, preventing third parties from monitoring your downloads.
Protecting against legal action: Countries are increasingly enforcing copyright laws against torrenting. While we don’t condone copyright breaches, it’s easy to unknowingly slip up. Equipping a VPN encrypts your information making it much harder to track your torrented downloads.
Bypassing throttling and blocks: Your ISP may restrict your P2P connection speeds and even block your access to torrenting websites. A top-rated VPN can encrypt your traffic making it more difficult for your ISP to detect and throttle P2P activity.

A VPN kill switch is essential for torrenting or any form of file-sharing. Torrenting without a kill switch runs the risk of your real IP address being exposed, leaving you vulnerable to all of the above.

Torrenting without a VPN

You can see the IP addresses of other peers at all times while torrenting.

If your VPN connection drops, even for a second, then your online identity will be visible to everyone in the torrent swarm.

3. Bypassing Web Censorship

If you’re using a VPN to bypass censorship in a restricted region, like China or Russia, it’s essential you’re not caught doing so. Since VPNs tend to be prohibited in these regions and the content you’re accessing outlawed, a faulty VPN connection can lead to fines or even imprisonment.

Countries where VPNs are illegal or restricted

Countries where VPNs are illegal or restricted.

To prevent this from happening, you should keep your kill switch on at all times. This ensures your personal data, and the fact you’re using a VPN, won’t be revealed to any government censors or monitoring third parties.

How Does a VPN Kill Switch Work?

Here’s exactly how a VPN kill switch works:

🔎 Monitoring: The kill switch constantly surveys your VPN connection, looking for any changes in your network status or IP address.
🚨 Detecting: Any alteration or disruption to your VPN connection is immediately detected by the kill switch.
✂️ Disconnecting: The kill switch responds by cutting your device’s connection to the internet or to a specifically chosen app.
🛜 Reconnecting: Once your VPN connection is restored, the kill switch deactivates and allows your internet connection to reestablish.

Types of VPN Kill Switch

Though all kill switches broadly follow the process outlined above, exactly how they work depends on their implementation.

Most notably, VPN kill switches vary by what causes them to activate and how they are applied.

Standard Kill Switch

The kill switch engages when it detects a disconnection from the VPN, blocking your device’s connection to the internet. Your internet connection resumes once your VPN connection reestablishes or the VPN app is closed. This is the most common type of kill switch and is available from the vast majority of VPN services.

Surfshark's kill switch toggle in its macOS app.

Surfshark offers a standard kill switch.

Permanent Kill Switch

Your entire device is blocked from the internet once you lose connection to the VPN server. Your internet connection can’t resume until you reconnect to the VPN, even once the VPN app is closed. This is also referred to as an ‘advanced kill switch’ or ‘network kill switch’ and is only offered by a handful of VPN services, like PIA or Windscribe.

Permanent kill switches offer the greatest level of protection as disconnecting your entire device’s connection makes IP leaks far less likely.

Screenshot of ExpressVPN's standard and permanent kill switches.

ExpressVPN provides both a standard and a permanent kill switch.

Application Kill Switch

Only pre-selected apps are disconnected from the internet in case of an unexpected VPN disconnection. The rest of your device continues to function as normal. This is the rarest type of kill switch and is only offered by select VPN services, such as NordVPN.

Application-level kill switches can be useful if you have a specific use-case for your VPN. For example, if you’re using a VPN to torrent then you may want to only block your torrenting client.

This offers greater flexibility as you can continue to browse freely while keeping your torrenting traffic safe.

Screenshot of NordVPN's app-level kill switch.

You can target specific apps with NordVPN’s kill switch.

How to Test Your VPN Kill Switch

You can test if your VPN kill switch is working properly by seeing if your real IP address is exposed when the VPN connection drops or disconnects.

We’ve created a dedicated kill switch testing tool to help you easily test it yourself.

DISCLAIMER: For this tool to work, it temporarily records your IP address. However, once you close this tab, any IP addresses collected by the tool are immediately deleted.

VPN Kill Switch Testing Tool

1Find Your Real IP Address

You need to know your real IP address before checking for any leaks.

Make sure you’re not connected to your VPN yet.

Your IP is -

2Enable the Kill Switch & Connect to a VPN Server

If you don’t know how to turn on your VPN’s kill switch, we’ve created how-to guides for each major platform.

Once enabled, connect to a VPN server in a different country to your real-life location.

3Connect to a VPN Server in a New Location

Most apps let you do this by selecting another location in your VPN app.

If your VPN requires you to disconnect before switching servers, do so and then immediately connect to the new server.

4Simulate an Internet Disconnection

If you’re using a computer, go to your network settings and disconnect from WiFi or unplug the Ethernet cable.

On mobile, activate airplane mode.

5Re-establish Your Internet Connection

Enable your device’s WiFi, reinsert your Ethernet cable, or disable airplane mode on your phone.

Result

The result will show here once your test is complete

#	Timestamp	IP Address	Country	IP Changed?	Debug

Help us improve the tool

Share your feedback on using the tool so we can improve it further💪🏻

How to Fix a Broken VPN Kill Switch

If your kill switch isn’t working then there’s usually an issue with the VPN app, your device, or both.

Faulty or outdated VPN software can prevent your kill switch from triggering during an unexpected VPN disconnection.

Equally, your device’s firewall or system settings may prevent the VPN app itself from functioning properly.

Then there are some top-rated providers, such as CyberGhost and PrivateVPN, that choose to leave your traffic unprotected when changing servers.

A pop-up from CyberGhost warning against changing servers.

CyberGhost warns against switching servers while connected.

Since this isn’t a fault so much as a limitation, the only solution is to switch to a VPN with a kill switch that activates during any type of disconnection — including a server change. In our opinion, NordVPN and PIA are great options.

We’ve outlined some solutions below for fixing your VPN’s kill switch:

1. Change the VPN Protocol

Chance of Success: High
Difficulty: Easy
Time: 1 Minute

If your kill switch isn’t working, it may be due to the VPN protocol you’re using. Either the current protocol doesn’t support a kill switch or its kill switch doesn’t work properly.

From our testing, we found OpenVPN protocols to be the most compatible with a VPN kill switch, particularly OpenVPN TCP.

Some providers, like Astrill and FastestVPN, only offer a kill switch on OpenVPN protocols.

Try switching your VPN protocol to OpenVPN TCP and then test the kill switch again.

2. Run as Administrator

Chance of Success: High
Difficulty: Easy
Time: 1 Minute

A VPN kill switch requires access to your device’s internet connection so that it can be disabled in the event of a VPN disconnection.

This is an intrusive action which could be blocked by your PC. If that’s the case, you will need to manually upgrade your VPN’s permissions.

Here’s how to upgrade your VPN’s privileges:

Navigate to the VPN’s app on your desktop.
Right-click the app and select Run as administrator.
A prompt will appear asking if the app can make changes to your device.
Click Yes.
The VPN should now have the necessary permissions to disable your internet connection.

EXPERT ADVICE: This solution is limited to Windows applications only. It isn’t possible to upgrade your VPN’s permissions in this way on Android, iOS, or macOS.

3. Update and Restart the App

Chance of Success: Medium
Difficulty: Easy
Time: 5 Minutes

You may be using an older version of a VPN app that doesn’t support a VPN kill switch or has a bug in its software preventing the kill switch from working correctly.

To determine whether your app is outdated, go to the VPN’s website and find the VPN apps page. This is normally labeled VPN Apps, Apps, or Download.

From here make a note of the current version of the VPN software and see if it matches the app installed on your device.

By installing the latest version of the app any known technical bugs should now be fixed, including the faulty kill switch.

4. Change Your Firewall Settings

Chance of Success: High
Difficulty: Hard
Time: 5 Minutes

Your computer’s firewall may prevent any VPN connections from being established.

Even if you’re able to initially connect to a VPN server, your firewall may block the kill switch from reestablishing the VPN connection. This would leave your real IP address exposed without you ever realizing.

To fix this go into your device’s settings and add your VPN to the list of apps that are allowed to pass through the firewall.

5. Contact Customer Support

Chance of Success: Medium
Difficulty: Easy
Time: 5 Minutes

If none of the solutions above work, contact the VPN’s customer support.

The quality of support can vary by provider but most VPNs will have an email or ticket system to answer queries.

At the very least the support agent can eliminate the possibility that your VPN is at fault for any kill switch issues.

FAQs

Should I Leave the Kill Switch on All the Time?

There’s no downside to leaving a kill switch on permanently, but you may find it disruptive to your online activity.

This includes interrupted downloads, which you may have to restart, as well as interference with video calls and live streams.

If you play online video games you might want to use an application level kill switch. This ensures that your connection to the game won’t be severed if the kill switch activates.

Leaving a kill switch on won’t affect your device’s performance, the VPN’s effectiveness, or your internet connection speeds.

Are All Kill Switches on by Default?

Yes, most reputable VPNs leave their kill switch on by default.

However, some may require manual activation, so be sure to check before connecting to a VPN server.

On mobile, it’s not uncommon for the kill switch to be active 24/7, but invisible in the app settings.

If you’re not sure your kill switch is on, use our kill switch testing tool to verify that your data is protected.