VPN Kill Switch | Stop Application After VPN Disconnects
Category: misc
24 Jan 2014
Image By Yutaka Tsutano
Check out my new VPN kill switch guide that uses simple firewall rules to better protect against VPN drops!
VPNs are a good way to increase your privacy, but it's not uncommon for them to disconnect. Unfortunately, when this happens it can completely nullify the benefit of using the VPN in the first place. Because of this, it's important to take measures to protect yourself when your VPN drops.
Many VPN companies include a killswitch feature in their clients, which can make the task of protecting yourself monumentally easier. But most Linux users tend not to use the company's VPN client, often because it doesn't exist on Linux, and even more often because the NetworkManager with OpenVPN is more convenient and robust.
The downside of the NetworkManager, though, is that it includes no killswitch, so Linux users have to resort to other options. Fortunately, there are a few ways you can protect yourself, such as setting up iptables firewall rules, configuring connections to go through proxies only accessible through the VPN, etc. While these setups definitely work, I've come across another method that works best for me: VPNDemon. This won't be long like most of my tutorials, but I thought many people might find VPNDemon useful, so I wanted to point it out.
VPNDemon is a small application which can be installed on your system, or just run as a bash script. It monitors your NetworkManager for events, specifically a VPN disconnect. When it receives this message, it will kill a particular application that you choose during setup. For example, you can connect your VPN, start up VPNDemon, set it to kill Transmission upon VPN disconnect, and it will start to monitor for when the VPN drops. If it does drop, Transmission will be killed instantly. The way I use it on my Qubes setup is to kill the NetworkManager itself, cutting the connection to the entire system.
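The monitor-and-kill mechanism described above, as an added example (this is not VPNDemon's own code). It assumes NetworkManager's `VpnStateChanged` D-Bus signal, where state 6 means failed and 7 means disconnected; the function names and the sample log are made up for illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not VPNDemon's own source.
# NetworkManager emits VpnStateChanged(state, reason) on the system bus;
# NMVpnConnectionState: 5 = activated, 6 = failed, 7 = disconnected.

# Read `dbus-monitor` text on stdin; print one line per VPN drop.
vpn_drop_events() {
    local armed=0 line state
    while IFS= read -r line; do
        case "$line" in
            signal*member=VpnStateChanged*) armed=1 ;;  # next uint32 is the state
            signal*|method*|error*) armed=0 ;;          # some other bus message
            *uint32\ *)
                [ "$armed" -eq 1 ] || continue
                armed=0                                  # ignore the 2nd arg (reason)
                state=${line##*uint32 }
                state=${state%%[!0-9]*}
                case "$state" in 6|7) echo "drop state=$state" ;; esac ;;
        esac
    done
}

# Watch the system bus and kill the named process (exact name) on each drop.
watch_and_kill() {
    local target=$1
    dbus-monitor --system "type='signal',interface='org.freedesktop.NetworkManager.VPN.Connection',member='VpnStateChanged'" |
        vpn_drop_events |
        while IFS= read -r event; do
            echo "VPN $event: killing $target" >&2
            pkill -x -- "$target" || true
        done
}

# Constructed sample of dbus-monitor output: VPN activates, later disconnects.
SAMPLE_LOG='signal time=1390550000.10 sender=:1.5 -> destination=(null destination) serial=40 path=/org/freedesktop/NetworkManager/ActiveConnection/3; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged
   uint32 5
   uint32 1
signal time=1390550900.20 sender=:1.5 -> destination=(null destination) serial=77 path=/org/freedesktop/NetworkManager/ActiveConnection/3; interface=org.freedesktop.NetworkManager.VPN.Connection; member=VpnStateChanged
   uint32 7
   uint32 2'

case "${1:-}" in
    --watch) watch_and_kill "${2:?usage: $0 --watch PROCESS_NAME}" ;;
    --demo)  printf '%s\n' "$SAMPLE_LOG" | vpn_drop_events ;;
esac
```

Run it with `--watch` and a process name once the VPN is up, or with `--demo` to parse the constructed sample. The kill is reactive, so some traffic can still leave over the bare connection between the drop and the kill.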
You can find VPNDemon on GitHub. It simply needs to be extracted and executed in the terminal.