protonvpn macos vpn kill switch

Update March 2023: This article is largely out of date. Our macOS app now supports the IKEv2, OpenVPN UDP, OpenVPN TCP, WireGuard, WireGuard TCP, and Stealth VPN protocols. We have also implemented a kill switch on the Proton VPN app for iOS and iPadOS. To avoid confusion, we have updated the screenshot to show where the kill switch option is now located on the macOS app.

The latest update for our macOS app implements a firewall-based kill switch to keep your data safe even if you are disconnected from your VPN server.

What is a Kill switch?

The new firewall-based kill switch prevents your IP address and DNS queries from being exposed in the event you are disconnected from a VPN server for any reason. When you enable the kill switch, if you lose connection to the VPN service, the kill switch will block all external network traffic until it automatically re-establishes a connection to a VPN server.

Technical background and implementation

Proton VPN’s macOS app utilizes the IKEv2 protocol, which allows for theoretically higher speeds and connection stability (when switching networks or on the go) than the OpenVPN protocol. It also has the benefit of being natively supported by Apple at the OS level. While this has certain benefits in terms of native integration into the OS, it also imposes certain constraints. In general, a kill switch, as defined above, is not possible for IKEv2 VPNs on macOS, which is why in the past, we have provided Always-on VPN(new window), which automatically reconnects users to a VPN server if the connection is broken, as an alternative.

The Always-on VPN setting will remain, and will now be complemented by the improved kill switch feature we are introducing today. (As of version 1.5.3, the Always-On VPN setting is no longer visible in Settings. The feature is always enabled by default for security, and it is not possible to turn off Always-On VPN.)

Implementing a kill switch (as defined above) required us to work around certain limitations within Apple’s native VPN infrastructure, specifically that it does not allow an app to fully block network traffic outside of the VPN connection on an Apple device. To resolve this, we have created a helper application to generate a packet filter. Now, whenever you connect to a VPN server with kill switch enabled, the packet filter blocks all external network communications except for those routed through the VPN server you are currently connected to.

Since all your network traffic is restricted to the VPN server, if connection to the VPN server is lost, all Internet traffic is stopped immediately and your data is never exposed. This workaround of Apple’s network stack allows us to achieve what was previously impossible on macOS.

It is important to note that as of today, a kill switch, as we have defined it, is still not possible on iOS. This is because Apple’s network level restrictions on iOS are even more stringent than they are for macOS, so we cannot replicate the workaround we designed for macOS on iOS. Thus, from a technical standpoint, Always-on VPN is the best that can be achieved on iOS today. However, in the process of designing our kill switch workaround for macOS, we were in close communication with Apple engineers who expressed a willingness to reconsider their native VPN infrastructure’s restrictions. Those discussions have continued and we are currently working with Apple to find a way to implement a kill switch on iOS.

The addition of this new kill switch to Proton VPN for macOS will help you stay secure no matter how unstable your connection is. If you already use Proton VPN, your app will either update automatically or prompt you to update. Please join us on Facebook, Twitter, and Reddit and let us know what you think!

Best Regards,
The Proton VPN Team

You can get a free Proton VPN account here(new window).

Follow us on social media to stay up to date on the latest Proton VPN releases:  Twitter (new window)Facebook(new window) | Reddit(new window)

To get a free Proton Mail encrypted email account, visit: proton.me/mail(new window)

Protect your privacy and security online
Get Proton VPN free

Related articles

Paris Olympics
The 2024 Summer Olympics in Paris begins this July. While you’ve likely already missed your chance to get a ticket and witness the best athletes from around the world in person, there are plenty of ways to enjoy the games from the comfort of your hom
Where to watch euros
Every four years, the entire continent of Europe turns its eyes to see who will be crowned as the continent’s champion of football (or soccer for the Americans).  This is the 17th edition of the UEFA European Football Championship, in which 24 natio
How to enable location services
Location services refer to a combination of technologies used in devices like smartphones and computers that use data from your device’s GPS, WiFi, mobile (cellular networks), and sometimes even Bluetooth connections to determine and track your geogr
What is AirTag stalking?
In an era of “smart devices” that often double as spy devices, AirTags are tracking tools that are open about their function and can be vital in helping locate lost items (as anyone who has lost their car keys can attest to). However, as a recent cla
How to fix a "Your connection is not safe" error
As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead. 
Your search history is a window into your inner life. Anyone with access to it knows what your hobbies and interests are, your sexual orientation and preferences, the things that worry you (for example your medical concerns), your political affiliati