What does a VPN kill switch really do?

- aside from removing my tun interface

I have tested a VPN kill switch in multiple scenarios (achieving similar results) as follows:

Hardware

- bare metal Linux Mint 19 system

- Linux Mint 20 virtual machine on Proxmox 6

- Ubuntu 18.04 LXC container on Proxmox 6

VPN Clients (tested via GUI and command-line)

- PIA using “VPN Killswitch: Always”

- Mullvad using “Always require VPN”

Bittorrent Software

- qBittorrent-nox versions 4.3.1 and 4.3.2 configured to use network interface tun0

- Transmission 2.92

I connected to the VPN and started an Ubuntu 20.10 server torrent. Since the file is around 1 gb, for testing I decided to limit the download speed to 50 kb. Once I connected to enough peers, at around 10-20 seconds, I enabled the kill switch (disconnected but did not quit the VPN). Downloading continued for another 1 to 3 minutes before finally winding down. Peer download speeds fluctuated up and down multiple times, but eventually did average down as expected. Interestingly, though, the number of completed 256 kb pieces did increase by 1 or 2 before finally stopping. So parts did continue to download.

Then I tested with a download speed limit of 1 kb. In most cases, the torrent finally stopped after approximately 8 to 10 minutes. That’s certainly not a trivial time difference from the previous test.

When the kill switch was enabled, I could not issue a ping, traceroute, etc. from the command line, so it appears something was definitely working. The tun0 interface disappeared from ifconfig, and it no longer showed as an available interface in qBittorrent, as expected. The thing that, for the life of me, I cannot understand is how a download could possibly continue. Even though tun0 does not show up via ifconfig, is it still there? And does it have a buffer that takes some time to clear, especially when the lower download speed limit affords more connected peers a longer time to finally wind down? Maybe the torrent clients use buffers?

Update: Just ran another qBittorrent test (PIA/Mullvad) on a Windows 7 VM and the peers disappear/wind down within just a couple of seconds. Looks like this is a Linux issue.

If your VPN connection drops, it blocks all internet signals from getting in.

Use VPNCheck Pro software as a kill switch; it doesn’t cost much to buy, and it is nothing to do with me. Basically, if your IP address changes it can kill/close your torrent client and then try to reconnect to your VPN for you. If you don’t have a kill switch, when your VPN has an error/loses connection, what you’re downloading can become visible to your ISP and anyone harvesting IP addresses from the torrent swarms.

The ones I looked at are pretty simple: if your VPN connection drops, they remove the default gateway from your network settings so you can’t access the internet.

But why would the downloads continue for so long? On Windows they drop very quickly, but on Linux they take a very long time, which sounds fishy. It appears I’m not being exposed, but it is disconcerting how this behaves.

I think the kill switches are working, at least as advertised. In one test I was downloading the same Ubuntu torrent via 2 separate containers, each connected via its own VPN client. I saw each VPN IP connected on the opposing torrent client, invoked the kill switch on one container, and watched the same IPs continue without changing. At no time did my IP change, nor did my real non-VPN IP ever appear in the connected peer lists.

OP is on Linux, and ufw is a much more robust (and often built-in) option, not to mention free/open source.

Yes, I did notice the routing table drops the tun0 entries. But it appears the downloads do continue, obtaining an additional 1 or 2 more 256 kb pieces before finally stopping.

Might just be the application being slow to pick up that the peers were disconnected/removed.

The real question is: is the kill switch working as advertised? I would like to stick with the vendor’s VPN client rather than switching over to OpenVPN and ufw rules. Based on that, the next question is whether I need to complement the vendor’s client with at least some ufw rules.

That’s why I don’t trust them; much better to use firewall rules as your kill switch.
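A firewall-based kill switch of the kind the last replies recommend, as an added example that is not from anyone in this thread: a ufw rule set that denies everything except the tunnel and the flow needed to rebuild it, plus a check that reads the routing table (the thing OP saw drop its tun0 entries) and reports which interface would actually carry internet traffic. The tunnel name tun0, the VPN endpoint 203.0.113.10 udp/1194 and the LAN 192.168.1.0/24 are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: tunnel interface tun0,
# VPN server 203.0.113.10 on udp/1194 (placeholder address), LAN 192.168.1.0/24.
VPN_IF="${VPN_IF:-tun0}"
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"
VPN_PORT="${VPN_PORT:-1194}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Install the kill switch: deny both directions by default, then allow only the
# tunnel itself and the single UDP flow the VPN client needs to (re)connect.
# Requires ufw and root; it replaces any existing ufw rules.
apply_killswitch() {
    ufw --force reset
    ufw default deny incoming
    ufw default deny outgoing
    ufw allow out on "$VPN_IF"     # application traffic may leave only via the tunnel
    ufw allow in on "$VPN_IF"      # inbound peers on the tunnel (omit without port forwarding)
    ufw allow out to "$VPN_SERVER" port "$VPN_PORT" proto udp   # the VPN handshake itself
    ufw allow out to "$LAN_NET"    # optional: keep LAN devices reachable
    ufw --force enable
}

# Read `ip route show` output on stdin and print the interface that would carry
# a packet to an arbitrary internet address. OpenVPN's redirect-gateway def1
# installs 0.0.0.0/1 and 128.0.0.0/1 over the tunnel rather than replacing the
# default route, so those win over a plain "default" entry. Prints nothing when
# there is no default route at all (the "gateway removed" style of kill switch).
default_route_iface() {
    awk '
        function dev(line,    n, f, i) {
            n = split(line, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "dev") return f[i + 1]
            return ""
        }
        $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1" { split_dev = dev($0) }
        $1 == "default"                          { def_dev = dev($0) }
        END { print (split_dev != "" ? split_dev : def_dev) }
    '
}

# Exit 0 only if internet-bound traffic would go through the tunnel.
# Usage:  ip route show | route_via_vpn && echo "tunnel is the egress path"
route_via_vpn() {
    [ "$(default_route_iface)" = "$VPN_IF" ]
}

if [ "${1:-}" = "apply" ]; then apply_killswitch; fi
```

Run `ip route show | route_via_vpn` before and after triggering the vendor's kill switch: with the ufw rules in place, a table whose egress interface is no longer tun0 cannot leak, because the default deny outgoing rule drops anything the physical interface would otherwise carry.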