Kill switch on dropped connection

Suggestions/comments/criticisms are welcome here

cromemco

Posts: 1
Joined: Wed Jun 17, 2015 3:02 pm

Post by cromemco » Wed Jun 17, 2015 3:10 pm
This really should be a feature you should be working on. I don't understand why Private Internet Access can implement such a switch on their software but you can't. I've done the routing trick to kill the connection, but it's a pain in the neck. I have to go back and unplug and plug back in the network cable most times I tell the VPN to disconnect.

csj

Posts: 9
Joined: Wed Jan 07, 2015 6:03 am

Post by csj » Tue Aug 11, 2015 11:15 pm
I strongly second this! Does Tunnelblick have a kill switch?

James

User avatar
Posts: 1865
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Wed Aug 12, 2015 12:06 pm
Hi,

Thanks for the feedback - it is something we're working on. Some information from the following support article:
We are currently working on adding a feature to Viscosity to easily block traffic leaks from occurring. We hope to have such a feature available in a future version of Viscosity, however please be aware that this is not something that will be available soon. In the meantime this article details how you can manually setup Viscosity to prevent traffic leaks from occurring.
http://www.sparklabs.com/support/preven ... fic_leaks/

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs

Arkku

Posts: 2
Joined: Mon Jul 24, 2017 9:04 pm

Post by Arkku » Mon Jul 24, 2017 9:35 pm
Hi,

The above response is two years old, and I can't find a kill switch option in Viscosity. Are you still open to adding it?

As for implementation, I would suggest using the macOS packet filter to block everything by default, then add exceptions for LAN traffic (if requested) and for the specific VPN gateway(s) and port(s) that are active, and obviously also allow everything through the VPN interfaces.

Ideally there would also be an option to set up the kill switch on system boot, to prevent the OS from leaking anything over an insecure connection before Viscosity has been loaded.

James

User avatar
Posts: 1865
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Aug 01, 2017 12:05 pm
Hi Arkku,

Thanks for your feedback. The comments above are still valid - it's something we hope to add to a future version of Viscosity. We're constantly adding features to Viscosity and working on new functionality, as can be evidenced by the release notes, however we have to prioritise what we work on.

We keep the support article detailing how to have your own kill script up-to-date, so for the time being we recommend referring to that, or using firewall rules to also control traffic at boot. While we hope to have a simple checkbox or something similar in the future to make the whole process more straightforward I'm afraid it's not something I can speculate on a timeframe for.
http://www.sparklabs.com/support/kb/art ... fic-leaks/

Cheers,
James
James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
5 posts Page 1 of 1