PenVPN is dedicated to providing reliable VPN server connections. However, any Internet-based service, even OpenVPN, will occasionally fail at runtime. Whether it’s an unreliable Internet connection or an ISP or VPN server problem, or an anti-virus or firewall setup problem, the connection can go down. When VPN connection failures occur, they give bad actors access to your online activities and any sensitive data you transfer from your mobile device.

This scenario is why the OpenVPN development team decided to add the Kill Switch function to the OpenVPN Connect App, the official client software developed and maintained by OpenVPN.

Whether it’s an unreliable Internet connection or an ISP or VPN server problem, or an anti-virus or firewall setup problem, the connection can go down.

OpenVPN Connect is a free, full-featured VPN client software available on Google Play and Apple’S iTunes Store; Windows and macOS versions are available for download from the OpenVPN site. Connect, compatible with Windows, macOS, Android and iOS operating systems, connects devices to a VPN and allows users to log in to the network from anywhere.

To learn the nuts and bolts of the OpenVPN Kill Switch option, as well as the broader benefits of VPN Kill Switch, we spoke with Yuriy Barnovych, product manager and technical lead of the OpenVPN Application project. Read on to see what he had to say about the VPN kill switch and how he and his team pulled off the project.

What is VPN Kill Switch?

The first and most obvious question we asked Yuriy was, what is a VPN kill switch?” He gave us a simple answer for OpenVPN: “The OpenVPN Connect App Kill Switch feature prevents any data from leaking over the network in the event of a VPN connection breakdown.” Users can create their own kill switch using a secure VPN firewall, or they can choose a VPN that includes a kill switch. The latter is easier for the typical VPN user, but not all business VPNS have kill switches.

The OpenVPN Connect application’s Kill Switch feature prevents any data from leaking over the network in the event of a VPN connection breakdown.

— Yuriy Barnovych, Product manager at OpenVPN

Why are VPN services so widely used and kill Switches relatively unknown? More importantly, if it can reliably protect your information, why doesn’t every VPN provider include a kill switch? “If the operating system you’re using has a kill switch integrated, it’s pretty easy to activate and use it.” Yuriy thinks something “fairly simple” might require more effort from others, but he clarifies: “It’s done at the operating system (OS) layer of Android and iOS, so OpenVPN can take advantage of system support on those platforms.” OpenVPN does take advantage of system support at the operating system layer, resulting in the new OpenVPN Connect Kill switch.

You may be wondering why macOS and Windows were not included in the initial presentation. According to Yuriy, “Right now, MacOS and Windows don’t support operating systems, so adding a kill switch to those systems is a bigger challenge.” But that doesn’t mean Yuri and his team have given up. From what we’ve seen, they’re tenacious when it comes to finding solutions and figuring out how to overcome never-before-seen challenges.

What are the benefits of VPN Kill switches?

Modern VPNS frustrate hackers; Even the most successful cybercriminals have trouble accessing Internet traffic through the servers of a good VPN. These hackers are patient, though, and will happily steal your sensitive information once your VPN connection goes down.

Think of a hacker as a cat waiting to pounce on a rat — and the missing VPN connection is that rat.

The most effective approach to network security is layered, and a kill switch is an extra layer of protection. “This is a real improvement in security and data privacy,” Yuriy explained. If your VPN connection is configured to direct all traffic through a VPN with the kill switch enabled — and VPN app support, of course — all traffic will be blocked until you connect to a VPN.” Remote and hybrid labor is fast becoming the norm, with people working from anywhere they can access the Internet, but when using VPN kill switches, “users don’t need to worry about leaks, or man-in-the-middle DNS attacks, when VPN disconnections occur while you’re on free or public WiFi”. The flexibility of remote working is welcome because it saves time and money while increasing productivity. This flexibility does come with increased risk, but the growth of VPNS and features such as integrated “kill switches” have helped curb cybercrime.

Fortunately, Yuriy and other programmers and developers at OpenVPN like to come up with new and creative ways to stop people who want to steal your most valuable asset: your data.

How does VPN Kill Switch work with OpenVPN?

What is the first question that comes to mind for millions of OpenVPN Connect users? “How does VPN Kill Switch work in OpenVPN Connect?” In talking to Yuriy, we learned that, like most OpenVPN features, this is not a one-time thing. “In the first mobile client version (iOS and Android 3.3), we introduced a simple checkbox setting. When users enable kill Switch through the checkbox, their most recently connected or used VPN configuration becomes the system’s default Kill Switch VPN profile.” At this point, the operating system will not allow any traffic from the device until the profile is connected, and, “it will try to connect immediately after reboot or manual disconnection.”

But what if the configuration file requires additional authentication? No problem, according to Yuri: “… The operating system displays a notification to open the OpenVPN Connect application with an appropriate mode.”

Our mission is to help organizations protect their assets in a dynamic, cost-effective and scalable manner. OpenVPN connection termination switches are just another way we can achieve this goal.

OpenVPN development process

So how did OpenVPN Connect’s kill switch go from idea to reality? Is it quick and easy? No problems?

Of course not.

According to Yuriy, the OpenVPN team “… I’ve been working on this feature for months and faced a lot of challenges along the way.”

OpenVPN’s kill switch, like all features of our VPN software, will continue to evolve.

First, “operating systems, especially iOS, are not designed to support additional authentication for VPN connections. This means that the operating system will attempt to connect to the VPN profile and ignore any attempts to obtain additional user information (e.g., passwords, two-factor authentication, Web authorization).” The OpenVPN development team won’t let an unfriendly operating system stop them. “We were forced to completely reengineer the connection process,” Says Yuriy, “to create the ability to break the connection.” This disconnection is “initiated by the system and displays a notification to the user that opens the application and contains the authentication fields needed to proceed.” Again, a layered approach to network security is the best choice for protecting people and data. When existing systems can’t support the extra layer of protection to block the latest and most powerful hacks, information security professionals like Yuriy find ways to extend the protection VPNS offer.

OpenVPN’s kill switch, like all features of our VPN software, will continue to evolve. Our team is committed to staying ahead of bad actors, keeping your data safe, protecting online privacy, and reducing the cost and complexity of network traffic and security. In the words of Yuri Banovic, “If you have the right people, you can accomplish anything.”