Page 1 of 1

Kill switch on dropped connection

Posted: Wed Jun 17, 2015 3:10 pm
by cromemco
This really should be a feature you should be working on. I don't understand why Private Internet Access can implement such a switch on their software but you can't. I've done the routing trick to kill the connection, but it's a pain in the neck. I have to go back and unplug and plug back in the network cable most times I tell the VPN to disconnect.

Re: Kill switch on dropped connection

Posted: Tue Aug 11, 2015 11:15 pm
by csj
I strongly second this! Does Tunnelblick have a kill switch?

Re: Kill switch on dropped connection

Posted: Wed Aug 12, 2015 12:06 pm
by James
Hi,

Thanks for the feedback - it is something we're working on. Some information from the following support article:
We are currently working on adding a feature to Viscosity to easily block traffic leaks from occurring. We hope to have such a feature available in a future version of Viscosity, however please be aware that this is not something that will be available soon. In the meantime this article details how you can manually setup Viscosity to prevent traffic leaks from occurring.
http://www.sparklabs.com/support/preven ... fic_leaks/

Cheers,
James

Re: Kill switch on dropped connection

Posted: Mon Jul 24, 2017 9:35 pm
by Arkku
Hi,

The above response is two years old, and I can't find a kill switch option in Viscosity. Are you still open to adding it?

As for implementation, I would suggest using the macOS packet filter to block everything by default, then add exceptions for LAN traffic (if requested) and for the specific VPN gateway(s) and port(s) that are active, and obviously also allow everything through the VPN interfaces.

Ideally there would also be an option to set up the kill switch on system boot, to prevent the OS from leaking anything over an insecure connection before Viscosity has been loaded.

Re: Kill switch on dropped connection

Posted: Tue Aug 01, 2017 12:05 pm
by James
Hi Arkku,

Thanks for your feedback. The comments above are still valid - it's something we hope to add to a future version of Viscosity. We're constantly adding features to Viscosity and working on new functionality, as can be evidenced by the release notes, however we have to prioritise what we work on.

We keep the support article detailing how to have your own kill script up-to-date, so for the time being we recommend referring to that, or using firewall rules to also control traffic at boot. While we hope to have a simple checkbox or something similar in the future to make the whole process more straightforward I'm afraid it's not something I can speculate on a timeframe for.
http://www.sparklabs.com/support/kb/art ... fic-leaks/

Cheers,
James