5 Free VPN Kill Switches for Windows & How to Enable
If you think that you’re the only user on your computer and nobody is watching what you’re doing on the PC or what kind of websites you visit, you may be wrong because there is a possibility that your Internet Service Provider or the government is monitoring your online activities. More and more users are aware of the privacy risk and are willing to spend a little bit of money in subscribing to a VPN service to protect their privacy by encrypting the Internet connection.
Once you’re on a VPN connection, all your incoming and outgoing data is encrypted and routed to the VPN server. This effectively prevents your ISP or the government from monitoring your online activities. Unfortunately nothing is perfect because there is always the possibility of a leak that will reveal your real IP address. Let’s say you’re downloading sensitive material through BitTorrent and you think that you’re safe because you’re connected to a VPN. When your VPN connection suddenly disconnects, you are instantly routed back to your normal connection and your BitTorrent client will automatically resume downloading through your direct Internet connection.
This is why some people still receive DMCA infringement notices from their ISP even though they are connected to a VPN. There are some VPN service providers like LiquidVPN that solve the problem by implementing a kill switch feature known as Liquid Lock whereby all connections are automatically blocked when it detects a disconnection. Another well known method is by terminating the selected application when the VPN disconnects. If you’ve already subscribed to a VPN service that doesn’t come with a kill switch feature, here are 5 ways to implement one yourself to prevent the potential IP leak without messing with confusing firewall configurations.
1. VPN WatcherVPN Watcher is a lightweight application that can monitor your VPN connection. Other than that, VPN Watcher can also automatically terminate or suspend a selected application when it detects a disconnection on the monitored connection. Basically it acts as an automated kill switch to prevent your running programs from directly connecting to the Internet when your VPN connection is down.
Once you’ve setup the VPN connection, all you need to do is add an application into VPN Watcher. The added application will automatically run when VPN Watcher detects a connection to the VPN and terminates when it detects an unexpected disconnection.
VPN Watcher comes in both free and paid versions and is available for both Windows and MAC OS X operating systems. The free version of VPN Watcher is limited to only 1 controlled application and has a slightly higher checking interval at 0.5 seconds compared to 0.1 second in the paid version. Although the program is constantly monitoring the connection, VPN Watcher takes up less than 2MB of memory usage and nothing for CPU usage.
2. VPN Lifeguard
VPN Lifeguard is a free and open source portable program to prevent your running applications from connecting to an unsecured connection when your VPN connection drops out. Basically VPN Lifeguard functions quite similarly to VPN Watcher and can be quite easy to set up if the initial setup steps are followed correctly.
First you need to connect to your VPN. After connecting, run VPN Lifeguard as an administrator (Right click on the program executable file and select “Run as administrator”), and click on the Config button. The VPN Lifeguard config and options area should be able to automatically detect your gateway IP and the local IP of your VPN. Click at the number drop down menu and you can select up to 6 programs that you want VPN Lifeguard to manage. Then click the Browse button and look for the program shortcut or file. Click the close button to save the changes.
When you’re back at the program’s main graphical user interface, click the Start button and VPN Lifeguard will start monitoring your VPN connection and automatically close the managed software when the VPN connection is disconnected. VPN Lifeguard will attempt to reconnect back to the VPN connection and re-run the managed software when reconnected. VPN Lifeguard was last updated in 2013 but it works perfectly when we tested it in Windows 10. It supports the monitoring of PPTP and IPSec protocols but not OpenVPN.
3. VPNCheck
VPNCheck is not just another VPN monitoring and program management tool, but it comes with more features in an attempt to keep your computer secure when connected to a VPN service. You’ll find 2 versions of VPNCheck which are the feature limited free version and the paid PRO version with additional features such as OpenVPN support, DNS leak fix, unlimited programs support, and computer ID protection enabled.
The free version of VPNCheck allows you to monitor a PPTP VPN connection, auto closing of programs or network disabling when the VPN disconnects unexpectedly, and management of only 3 programs. You’ll also need to perform an initial setup on VPNCheck before it can work. Click on the config button, and add the programs that you want to manage. The added file can be configured to auto close or autorun from the checkboxes. The next important thing is to setup the VPN login credentials in VPNCheck so that it can auto reconnect. Enter the username and password of the VPN and the matching VPN name that is in Windows.
Once you’ve completed adding the files and setting up the VPN connection in VPNCheck, close the config window and you should be back in the main GUI. There are 2 main buttons which is Cycle IP:Task and Cycle IP:Network. If you want VPNCheck to auto close the added programs on VPN disconnection, click on Cycle IP:Task. As for Cycle IP:Network, this option will disable all network connections on your computer.
The free version of VPNCheck is available for Windows and Linux (beta) operating system while the Pro is only for Windows.
4. Simple VPN Kill Switch Batch Script
There is a manual and free way to disable all connections when your VPN connection drops in Windows without relying on any third party software. This can be achieved by removing the network adapter’s default gateway IP address after connecting to the VPN. Do take note that it is not possible to do it the other way round which is removing the default gateway IP first because that will prevent you from even connecting to the VPN server.
If your network adapter is configured to obtain an IP address automatically from a DHCP service, it may be a challenge for novice users to remove the gateway IP because it involves using the route.exe command line program. An easier way is to use a ready made batch file called Simple VPN Kill Switch created by LiquidVPN that can automatically run the commands.
All you need to do is connect to the VPN first, then run this batch script and press 1 to enable kill switch. This will remove the default gateway IP address from your network adapter. When your VPN connection unexpectedly drops out, all running applications will be prevented from reaching the Internet. To reconnect, you will need to press 2 in the script to disable the kill switch and then manually reconnect to the VPN.
Download Simple VPN Kill Switch Batch Script
5. Using Windows Task Scheduler
Instead of providing another complicated method that requires messing with the Windows Firewall or Comodo Firewall rules, an easier way is by using the Task Scheduler that is built into Windows. This method doesn’t involve installing any third party software and uses the native event checking feature in Windows which is more stable and barely uses any noticeable CPU or memory usage. All you need to do is create a new task that will automatically close your BitTorrent client software when the OS detects a termination on your VPN connection.
a) Press the Start button, type Task Scheduler and run it.
b) Click Action on the menubar and select “Create Task“.
c) Type in anything for the name of this new task that you’re going to create. Tick the checkbox for “Run with highest privileges“.
d) Go to the Trigger tab and click the New button.
e) Click the drop down menu for Begin the Task and select “On an event“.
f) Select RasClient for Source, enter the Event ID as 20226 and click OK.
g) Go to the Actions tab and click the New button.
h) Ensure that the action is “Start a program“.
i) At the program/script input box, enter taskkill.exe and at the add arguments box, enter /f /im filename.exe. You’ll need to replace the filename.exe with the executable file that you want to terminate. For example, uTorrent would be utorrent.exe, Deluge is deluge.exe, qBittorrent is qbittorrent.exe, etc. Click OK to save the changes.
k) Optionally go to the Conditions tab and check on the Power options. By default, the option “Start the task only if the computer is on AC power” is enabled and you may want to disable this setting. When your computer is on battery power, this task won’t run when your VPN connection is lost and causing your BitTorrent client to continue download through the direct Internet connection revealing your real IP address.
Additional Tip: The idea above can be extended to disabling all network connections when the VPN connection is lost instead of forcefully terminating running programs. At step (i), replace the taskkill.exe with powershell.exe. Then at the arguments box, enter Get-NetAdapter | Disable-NetAdapter -Confirm:$false.
To automatically re-enable all network adapters, you can run the following command line as administrator.
powershell.exe Get-NetAdapter | Enable-NetAdapter -Confirm:$false
wow – good info here. Thanks for taking the time
to write and post
Hello, I’m sure everything has been entered correctly, OCD checked multiple times. Qbittorrent is not closing after setting up the task. Does Surf Shark require something extra? Do I need to disable the Qbittorrent kill Switch, which doesn’t seem to work instantly? Does Surf Shark need to be running at the time the task is created? I only did some editing after starting VPN. It was disconnected when I created task.
I tried typing in “RasClient” then used pulldown menu. I even tried “Rasclient” in pull down menu.
Thanks.
GUI version of qbittorrent for linux has the setting to work (p2p exchange) when connected to specific network adapter only ie. ‘tun0’. You could check if there is similar settings entry for Windows version.
Hey. :)
I’ve lost count of the times I’ve found myself visiting your website to read an article and/or download useful apps/utilities, but I’ve never once stopped to say thank you… and that’s just crap!
So before I head off….. Thank you Raymond so so much for all the really useful information, apps and advice! You’ve been doing this for years and I, for one, totally appreciate it. Your (sometimes almost literally) a lifesaver.
Best wishes,
Drew. :)
There’s also VPNKS VPN Kill Switch. It’s free and comes with 4 different kill switch methods to chose from depending on how you want to set things up, check it out at vpnks.nswardh.com
I tried solution 5 – it doesn’t work. I’m using Windows 10 with PIA VPN and uTorrent. I’m pretty sure I’ve got everything entered correctly. I tested it by starting VPN, starting a torrent then manually stopping the VPN. Utorrent did not stop.
Off to look up how to use Windows Firewall as a VPN kill switch.
Don’t think you’ll have much luck using Windows Firewall, it has no triggers to alert you when the connection is down. You can use it to block non VPN traffic but it’s not really a “kill switch”.
The point of giving you 5 options here is if one doesn’t work there are 4 others that might…;)
HALgooo, please be a dear and delete what doesn’t work…which is all of the options but the one’s you have to pay for. Even so, without a free trial, who’s going to take a chance because we use OpenVPN, not PPTP.
1 of the above is open source and 2 others have both free and paid versions of the same software. Are you saying the paid programs work but their free versions don’t?
The task scheduler works just fine for me so far. Thanks so much
You didn’t say how to automatically restart the program or network connection for number 4 and 5! Please give instructions. Most vpn’s disconnect regularly so it is mandatory. Thanks.
I use VPN on Mozilla Firefox occasionally, i.e. sometimes I surf through the VPN and sometimes using my own IP address. The reason is that I visit some sites that work with subscription and I have access only with my IP address while in all other cases I opt for privacy.
In my case, can I use the mentioned kill switch tools only when I surf through the VPN?
Thank you
I have been using PureVPN and recently they have added so many advance options that you can toggle on and off according to your need, IKS, Antivirus and many more.
I’m with NordVPN and there’s already a kill switch included with their program. If I can give some advice to people when you look for a VPN, the included kill switch should be the first criteria for subscribing to a service.
I disagree, think the first and very important VPN feature would be ero logging policy.
Everybody has different priorities for their VPN software, there is no definitive right or wrong for your requirements.
Can I use number 5 – “Task Scheduler” with open vpn to autokill the network connection? It seems the only option is rasclient but no openvpn choice.
“Additional Tip: The idea above can be extended to disabling all network connections when the VPN connection is lost instead of forcefully terminating running programs. At step (i), replace the taskkill.exe with powershell.exe. Then at the arguments box, enter Get-NetAdapter | Disable-NetAdapter -Confirm:$false.
Also, if I want to use your VPNcheck Pro with openvpn, and I normally switch between numerous vpn sites (different .opvpn config files), can i set this up in your program? It seems there is only the possibily to use 1 config file.
Personally, I prefer to use the built-in Windows Firewall as a VPN Kill Switch.
See guide: practicalrambler.blogspot.com/2011/01/windows-7-firewall-how-to-always-use.html
So basically, when the VPN drops… The Windows Firewall will kick in and stop the program from being able to make a connection.
Way safer than using a third party app that could crash. What’s the odds of Windows Firewall Crashing and not working correctly? That would be a major bug that Microsoft would fix ASAP.
Very happy with VPNCheck Pro. It just works. Small time developer (but that may be good)..
You can also leak your IP over the WebRTC protocol.
Do you see YOUR real IP at the site (free WebRTC leak detector).
diafygi.github.io/webrtc-ips/
The only way I have found to close this hole is a Firefox addon (extension, plugin,..) called Disable WebRTC available here (if you are serious about hiding an IP)..
addons.mozilla.org/en-US/firefox/addon/happy-bonobo-disable-webrtc/
Hi.
Option 5 could work for me. However, I use PIA (Private Internet Access) and I can’t seem to find an event triggered by the client disconnect.
I like solution 4 the most because pro active as already said by Ronnie so outperforms principles used for example by VPN Watcher (delay watching…). Now ifi click on “Download Simple VPN Kill Switch Batch Script” i get Invalid Download Requested. The, how to download Simple VPN Kill Switch Batch Script?
I’m thinking number 5
Welcome back, it’s funny as I was just going through the back pages of my bookmarks lol and saw your link, always enjoyed reading.
Would I be correct to assume that the 4. method is the safest since it is proactive instead of reactive like the other solutions?
Hey Ray,
Nice to get your blog again. Did you test of of these kill switches? Which one do you think is most effective?
I’m not sure if you’ve already done this or not, but an article about the best free and paid VPN services would be welcome.
Thanks
Wow Ray, so loooong , hows you and family ?
Welcome back.
Raymond!
Welcome Back.
How are you and the Family?
intelligencia
Wowwwwwwwww…..Seeing this has made my day Raymond ! You still alive and kicking ! I ‘ve missed seeing your posts for the longest time.Welcome back and hope to meet you when you get a chance to come to California.
Where were u have been
Raymond
We all were missing ur posts.
Nice to see u back on track
Very useful.
Thanks!
Thank you for a very interesting article – very educational.
I use a linux PC for my VPN activities and wonder if there is a way of doing similar things under Linux?
I never feel safe downloading files in Windows because of the plethora of virus and other perils!
Cheers
Peter
On Linux just use ufw
reddit.com/r/VPN/comments/3z7ke3/this_is_my_killswitch_script_for_linux_using/