Tech · Updated on April 24, 2026

VPN Kill Switch: Why It's Critical + Configuration 2026

What is a VPN kill switch? Why it's essential (IP leaks, P2P, streamers). Configuration on NordVPN, Surfshark, CyberGhost, PureVPN. Testing it works.

VPN Kill Switch: the thing you must never forget to enable

The kill switch (or “emergency cutoff”) is a simple-looking function but critical for security. Too many users install a VPN and forget to verify the kill switch is on — until the day the VPN drops for 10 seconds and their IP leaks. This article explains why the kill switch matters, when it’s essential, and how to enable it on NordVPN, Surfshark, CyberGhost, PureVPN, ExpressVPN.

What is a VPN kill switch?

Simple definition

A kill switch is an automatic safeguard: if the VPN disconnects for any reason, your Internet is immediately cut. Result: your traffic can never fall back to clear via your ISP until VPN is restored.

Why it’s necessary

A VPN can drop for many reasons:

  • Network switch (Wi-Fi → 4G)
  • Overloaded VPN server or maintenance
  • VPN app crash (rare but happens)
  • OS update disrupting the tunnel
  • Router / phone reboot
  • Brief Internet cut then return

Without kill switch, during those few seconds, your real IP is visible to:

  • The sites you visit
  • Marketing trackers
  • Your ISP (if unencrypted traffic)
  • BREIN / ARCOM / Hadopi if P2P
  • A DDoS attacker watching (streamers)

With kill switch: your Internet is cut, nothing passes in clear. You lose connection 5 seconds, but your privacy is intact.

When the kill switch is non-negotiable

1. Torrent / P2P

A 5-second IP leak is enough to:

  • Be identified by a BitTorrent tracker monitored by rights-holder
  • BREIN (Netherlands), ARCOM/Hadopi (France), GVU (Germany) can obtain your details via ISP
  • Receive an infringement notice or worse

Absolute rule: system-level kill switch on before launching qBittorrent/uTorrent.

2. Streamers and content creators

Twitch/YouTube streamers are regular DDoS targets. An IP leak during stream = possible DDoS = stream cut.

Absolute rule: kill switch on before “Go Live”.

3. Journalists, activists, whistleblowers

If you communicate with sensitive sources or publish in a hostile country:

  • System-level kill switch mandatory
  • Double VPN or Tor + VPN recommended as complement
  • Test everything works before critical use

4. Censored zones (China, Iran, occupied zones)

An IP leak in a hostile country can:

  • Identify your real location to the OS
  • Expose your activity to surveillance
  • Have personal consequences (arrest, fine)

5. Public Wi-Fi (airports, cafés, hotels)

Less critical than above, but a kill switch avoids an unstable Wi-Fi exposing you mid-bank transaction.

App-level vs System-level kill switch

App-level

The kill switch watches specific apps. If VPN drops, only those apps are cut.

Pro: you can keep using Internet for some things (e.g. launch a YouTube video via browser even without VPN) while protecting uTorrent.

Con: less strict. If a non-watched app leaks, it leaks.

App-level example config: NordVPN on Windows, add qBittorrent.exe and uTorrent.exe to app-level kill switch list.

System-level

The kill switch cuts ALL Internet if VPN drops. Zero traffic passes in clear.

Pro: total protection, no oversight possible.

Con: no Internet at all until VPN restored (possible few seconds cut).

Recommendation: system-level by default, especially for P2P and sensitive uses.

Kill switch by VPN (activation, defaults, types)

NordVPN

  • Kill Switch Internet (system-level): not default → enable manually
  • App Kill Switch: enabled by default but empty → add your apps
  • Enable: Settings > Kill Switch

ExpressVPN (Network Lock)

  • Network Lock: enabled by default on Windows/Mac/Linux
  • System-level only (no app-level option)
  • Enable: Settings > General > Network Lock

Surfshark

  • Kill Switch: not default → enable
  • System-level by default (strict mode)
  • Enable: Settings > Connectivity > Kill Switch > ON

CyberGhost

  • Kill Switch: enabled by default (impossible to disable on some versions)
  • System-level
  • Very strict — sometimes triggers involuntarily on weak connection

PureVPN

  • Internet Kill Switch: enable manually
  • Enable: Settings > Advanced > Internet Kill Switch

Proton VPN

  • Kill Switch: enable manually
  • Permanent Kill Switch (blocks internet even without VPN launched) optional

How to enable kill switch — step by step

On PC (Windows/Mac)

NordVPN:

  1. NordVPN app > Settings (gear icon)
  2. Kill Switch
  3. Enable “Internet Kill Switch” (system-level)
  4. Confirm

Surfshark:

  1. App > Settings
  2. VPN Settings
  3. Enable Kill Switch

On Mobile (iOS/Android)

NordVPN iOS:

  1. App > Settings > Kill Switch
  2. Follow instructions to enable “Always-on VPN” at iOS level

NordVPN Android:

  1. Android Settings > Network > VPN
  2. Select NordVPN > enable “Always-on VPN” and “Block connections without VPN

Warning: on iOS/Android, kill switch is at OS level and enabled in system settings, not only in the app.

How to test that kill switch works

Simple test

  1. Check IP: go to our tool → VPN IP visible
  2. Simulate drop: in VPN app, click “Disconnect”
  3. Verify Internet is cut: open a new site → connection error
  4. Reconnect VPN: Internet returns

More aggressive test

For power-users:

  1. Enable VPN
  2. Open Task Manager (Windows) / Activity Monitor (Mac)
  3. Kill the process NordVPN / Surfshark / etc.
  4. Check Internet stays cut

If Internet works after killing process → kill switch not working properly.

Common problems

Kill switch too aggressive — involuntary cuts

Symptom: Internet cuts every 5 min.

Cause: unstable Wi-Fi connection, reconnecting VPN.

Solution:

  • Change VPN server (closer)
  • Change protocol (NordLynx/WireGuard more stable)
  • Check Wi-Fi (router, interference)

Kill switch doesn’t work

Symptom: IP leaks on VPN disconnect.

Possible causes:

  • Kill switch not enabled (recheck config)
  • Outdated VPN app (update)
  • Windows Defender firewall conflict (allow VPN)

Kill switch does NOT replace

  • General privacy — a VPN with kill switch doesn’t make you anonymous like Tor
  • Password manager — account leaks possible even with kill switch. NordPass essential.
  • 2FA — kill switch protects traffic, not accounts
  • Right protocol — kill switch on slow OpenVPN stays slow

What NOT to do

  • Disable kill switch to “gain stability” — you lose protection
  • Use VPN without kill switch for P2P / competitive streaming
  • Forget to verify after install
  • Combine app-level kill switch alone with P2P — go system-level
  • Test only on desktop — verify mobile too (often different OS setting)

Verdict: how to properly use the kill switch

Systematically enable the kill switch upon VPN installation. System-level if P2P / competitive / sensitive, app-level if you need flexibility.

Our recommended VPNs with solid kill switch:

See also: WireGuard vs OpenVPN, DNS leak, our IP tool.

Frequently asked questions

What is a VPN kill switch?
A kill switch is a feature that automatically cuts your Internet connection if the VPN drops. Goal: prevent your real IP from being exposed during a brief VPN disconnect. Without kill switch, if your VPN crashes for 2 seconds (Wi-Fi switch, server issue, reboot), your traffic resumes in clear via your ISP — and your real IP is visible to sites, trackers, or for torrenting.
Why is the kill switch critical?
Three cases where it's non-negotiable: (1) P2P / torrent — a 5-second IP leak is enough to be identified by rights-holders or BREIN/ARCOM; (2) streamer or journalist — IP leak = possible DDoS, identification; (3) use in hostile countries (China, Iran, occupied zones) — IP leak can have serious consequences. For casual use (browsing, Netflix), less critical but still good practice.
What's the difference between App-level and System-level kill switch?
App-level: only cuts specific apps if VPN drops (e.g. cuts uTorrent but not Chrome). More flexible, less strict. System-level: cuts ALL Internet if VPN drops. More secure, less flexible. For P2P / streamers / sensitive contexts: system-level mandatory. NordVPN, ExpressVPN, Surfshark, CyberGhost offer both modes.
Is the kill switch enabled by default?
Varies by VPN: NordVPN — not default, must configure. Surfshark — not default. CyberGhost — default on (unless disabled). ExpressVPN (Network Lock) — default on. PureVPN — enable manually. Always verify on your first connection.
How to test the kill switch works?
Simple method: (1) Enable VPN and check your IP on what-is-my-ip — should be VPN's. (2) Simulate a drop: disconnect then reconnect your Wi-Fi, or force close the VPN process. (3) Check that your Internet is cut (page won't load). If kill switch works, Internet stays blocked until VPN restored.
Do all VPNs have a kill switch?
All premium VPNs yes: NordVPN, ExpressVPN, Surfshark, CyberGhost, PureVPN, ProtonVPN, Mullvad. Most free VPNs: NO — additional reason to avoid them. Kill switch is a basic but essential function; a VPN without a reliable kill switch is disqualifying in 2026.