If you think that you’re the only user on your computer and nobody is watching what you’re doing on the PC or what kind of websites you visit, you may be wrong because there is a possibility that your Internet Service Provider or the government is monitoring your online activities. More and more users are aware of the privacy risk and are willing to spend a little bit of money in subscribing to a VPN service to protect their privacy by encrypting the Internet connection.
Once you’re on a VPN connection, all your incoming and outgoing data is encrypted and routed to the VPN server. This effectively prevents your ISP or the government from monitoring your online activities. Unfortunately nothing is perfect because there is always the possibility of a leak that will reveal your real IP address. Let’s say you’re downloading sensitive material through BitTorrent and you think that you’re safe because you’re connected to a VPN. When your VPN connection suddenly disconnects, you are instantly routed back to your normal connection and your BitTorrent client will automatically resume downloading through your direct Internet connection.
This is why some people still receive DMCA infringement notices from their ISP even though they are connected to a VPN. There are some VPN service providers like LiquidVPN that solve the problem by implementing a kill switch feature known as Liquid Lock whereby all connections are automatically blocked when it detects a disconnection. Another well known method is by terminating the selected application when the VPN disconnects. If you’ve already subscribed to a VPN service that doesn’t come with a kill switch feature, here are 5 ways to implement one yourself to prevent the potential IP leak without messing with confusing firewall configurations.
1. VPN Watcher
VPN Watcher is a lightweight application that can monitor your VPN connection. Other than that, VPN Watcher can also automatically terminate or suspend a selected application when it detects a disconnection on the monitored connection. Basically it acts as an automated kill switch to prevent your running programs from directly connecting to the Internet when your VPN connection is down.
Once you’ve setup the VPN connection, all you need to do is add an application into VPN Watcher. The added application will automatically run when VPN Watcher detects a connection to the VPN and terminates when it detects an unexpected disconnection.
VPN Watcher comes in both free and paid versions and is available for both Windows and MAC OS X operating systems. The free version of VPN Watcher is limited to only 1 controlled application and has a slightly higher checking interval at 0.5 seconds compared to 0.1 second in the paid version. Although the program is constantly monitoring the connection, VPN Watcher takes up less than 2MB of memory usage and nothing for CPU usage.
2. VPN Lifeguard
VPN Lifeguard is a free and open source portable program to prevent your running applications from connecting to an unsecured connection when your VPN connection drops out. Basically VPN Lifeguard functions quite similarly to VPN Watcher and can be quite easy to set up if the initial setup steps are followed correctly.
First you need to connect to your VPN. After connecting, run VPN Lifeguard as an administrator (Right click on the program executable file and select “Run as administrator”), and click on the Config button. The VPN Lifeguard config and options area should be able to automatically detect your gateway IP and the local IP of your VPN. Click at the number drop down menu and you can select up to 6 programs that you want VPN Lifeguard to manage. Then click the Browse button and look for the program shortcut or file. Click the close button to save the changes.
When you’re back at the program’s main graphical user interface, click the Start button and VPN Lifeguard will start monitoring your VPN connection and automatically close the managed software when the VPN connection is disconnected. VPN Lifeguard will attempt to reconnect back to the VPN connection and re-run the managed software when reconnected. VPN Lifeguard was last updated in 2013 but it works perfectly when we tested it in Windows 10. It supports the monitoring of PPTP and IPSec protocols but not OpenVPN.
VPNCheck is not just another VPN monitoring and program management tool, but it comes with more features in an attempt to keep your computer secure when connected to a VPN service. You’ll find 2 versions of VPNCheck which are the feature limited free version and the paid PRO version with additional features such as OpenVPN support, DNS leak fix, unlimited programs support, and computer ID protection enabled.
The free version of VPNCheck allows you to monitor a PPTP VPN connection, auto closing of programs or network disabling when the VPN disconnects unexpectedly, and management of only 3 programs. You’ll also need to perform an initial setup on VPNCheck before it can work. Click on the config button, and add the programs that you want to manage. The added file can be configured to auto close or autorun from the checkboxes. The next important thing is to setup the VPN login credentials in VPNCheck so that it can auto reconnect. Enter the username and password of the VPN and the matching VPN name that is in Windows.
Once you’ve completed adding the files and setting up the VPN connection in VPNCheck, close the config window and you should be back in the main GUI. There are 2 main buttons which is Cycle IP:Task and Cycle IP:Network. If you want VPNCheck to auto close the added programs on VPN disconnection, click on Cycle IP:Task. As for Cycle IP:Network, this option will disable all network connections on your computer.
The free version of VPNCheck is available for Windows and Linux (beta) operating system while the Pro is only for Windows.
4. Simple VPN Kill Switch Batch Script
There is a manual and free way to disable all connections when your VPN connection drops in Windows without relying on any third party software. This can be achieved by removing the network adapter’s default gateway IP address after connecting to the VPN. Do take note that it is not possible to do it the other way round which is removing the default gateway IP first because that will prevent you from even connecting to the VPN server.
If your network adapter is configured to obtain an IP address automatically from a DHCP service, it may be a challenge for novice users to remove the gateway IP because it involves using the route.exe command line program. An easier way is to use a ready made batch file called Simple VPN Kill Switch created by LiquidVPN that can automatically run the commands.
All you need to do is connect to the VPN first, then run this batch script and press 1 to enable kill switch. This will remove the default gateway IP address from your network adapter. When your VPN connection unexpectedly drops out, all running applications will be prevented from reaching the Internet. To reconnect, you will need to press 2 in the script to disable the kill switch and then manually reconnect to the VPN.
5. Using Windows Task Scheduler
Instead of providing another complicated method that requires messing with the Windows Firewall or Comodo Firewall rules, an easier way is by using the Task Scheduler that is built into Windows. This method doesn’t involve installing any third party software and uses the native event checking feature in Windows which is more stable and barely uses any noticeable CPU or memory usage. All you need to do is create a new task that will automatically close your BitTorrent client software when the OS detects a termination on your VPN connection.
a) Press the Start button, type Task Scheduler and run it.
b) Click Action on the menubar and select “Create Task“.
c) Type in anything for the name of this new task that you’re going to create. Tick the checkbox for “Run with highest privileges“.
d) Go to the Trigger tab and click the New button.
e) Click the drop down menu for Begin the Task and select “On an event“.
f) Select RasClient for Source, enter the Event ID as 20226 and click OK.
g) Go to the Actions tab and click the New button.
h) Ensure that the action is “Start a program“.
i) At the program/script input box, enter taskkill.exe and at the add arguments box, enter /f /im filename.exe. You’ll need to replace the filename.exe with the executable file that you want to terminate. For example, uTorrent would be utorrent.exe, Deluge is deluge.exe, qBittorrent is qbittorrent.exe, etc. Click OK to save the changes.
k) Optionally go to the Conditions tab and check on the Power options. By default, the option “Start the task only if the computer is on AC power” is enabled and you may want to disable this setting. When your computer is on battery power, this task won’t run when your VPN connection is lost and causing your BitTorrent client to continue download through the direct Internet connection revealing your real IP address.
Additional Tip: The idea above can be extended to disabling all network connections when the VPN connection is lost instead of forcefully terminating running programs. At step (i), replace the taskkill.exe with powershell.exe. Then at the arguments box, enter Get-NetAdapter | Disable-NetAdapter -Confirm:$false.
To automatically re-enable all network adapters, you can run the following command line as administrator.
powershell.exe Get-NetAdapter | Enable-NetAdapter -Confirm:$false