What is a VPN Kill Switch?

A VPN Kill Switch completely shuts off your Internet access when the connection to your VPN is dropped. A VPN firewall takes the concept of a VPN Kill Switch further by actively blocking traffic from leaking outside of your encrypted tunnel. A VPN firewall like Liquid Lock is better than a VPN Kill Switch because it blocks DNS and IP leaks.

The Best VPN Kill Switches are Liquid Lock and Comodo Firewall

The new LiquidVPN client features Liquid Lock, which does the same thing as the Comodo firewall VPN kill switch found here, except that it is much easier to set up. This page is for users who are not using the LiquidVPN client or who do not have LiquidVPN.

Choose Your VPN Kill Switch

Users who do not want to spend an hour setting up their VPN kill switch should download the LiquidVPN client and turn on Liquid Lock, the built-in VPN kill switch.

  1. LiquidVPN with Liquid Lock – Our VPN application for Windows and OS X comes with a very advanced integrated VPN firewall and VPN kill switch that can be turned on and off right from our client.
  2. Comodo Firewall and VPN Kill Switch – We have just finished creating a new Comodo firewall and VPN kill switch guide for our knowledgebase. We recommend following the updated guide here.

VPN Firewall and Kill Switch Installation

Comodo Personal Firewall is a very powerful free firewall that, when configured properly, will make the most effective Windows VPN kill switch and firewall available. If you follow this guide you will have a VPN kill switch and firewall that is easy to use and more robust than any other software solution. When your VPN firewall is enabled, all of your traffic will be blocked by default unless it is sent to one of the VPN servers defined in your VPN server zone. It will block DNS leaks by only allowing DNS requests sent to your approved list of DNS servers.

Before you can set up and test your VPN kill switch and firewall you will need at least basic information for 1 VPN server.

  1. VPN Server IP Addresses: Address or host name of the VPN server(s) you connect to. We recommend using IP addresses for security purposes. LiquidVPN users can find this information on our server status page: https://my.liquidvpn.com/clientarea.php
  2. DNS Server(s): Public DNS server addresses you use. Kill Switch DNS rules are recommended but not required if you use an IP address to connect to your VPN Server instead of a host name. LiquidVPN uses by default. With a few exceptions.
  3. VPN Server’s Internal IP Addresses: Depending on the type of online VPN service you have, these addresses could be private IP addresses or public IP addresses. There are many ways to get these addresses. For initial testing you can look at your adapter or VPN client. To finish the setup, asking your VPN provider for these ranges will be the easiest method of getting them. LiquidVPN uses or to Our dedicated IP connections hand out public IP addresses so you will need to add them to the firewall manually.

Comodo Personal Firewall Screen 1

After downloading Comodo Personal Firewall, run the application. On the first setup screen of the COMODO Firewall Installer, do the following.

  • Uncheck Cloud Based Behavior Analysis and Send anonymous program usage.
  • Click Customize Installation.

Comodo Personal Firewall Customize Setup

In the customize setup screen, under installation options, make the following customizations:

  • Uncheck Install Comodo GeekBuddy, Dragon Web Browser and PrivDog.
  • Click < Back

Comodo Personal Firewall Screen 3

This 3rd screen looks surprisingly like the first screen except it does not ask for your email address. Perhaps they are hoping you leave those pesky checks checked.

  • Uncheck both check boxes.
  • Click Agree and Install.

Your VPN Kill Switch is Installing Now

In the customize setup screen, under installation options, make the following customizations:

  • Write to your online VPN provider and ask what private IP ranges they use and what public IP addresses accept your VPN connection requests. LiquidVPN uses –
  • Go to the opennicproject for name resolution when not connected to LiquidVPN and LiquidDNS.

VPN Kill Switch and Firewall Configuration

The Comodo status box is displayed in the top right-hand corner of your screen. If you intend to use Comodo to its full potential (AV, sandbox etc.) you may find this screen useful. We don’t, so here is how to remove it.

  • Click Secure
  • Remove the Comodo Widget (optional): right-click anywhere inside the widget and remove the check next to Show in the Widget menu.

Comodo's VPN Kill Switch Status and Tasks

The first screen that opens is the system status screen. You will see some information about network intrusions and status. Now begins your VPN kill switch setup.

  • Click Tasks (It is located in the upper right corner)
  • Click Firewall Tasks
  • Click Open Advanced Settings

VPN Kill Switch and Firewall Configuration

HIPS, or Host Intrusion Protection System, is a nice feature if you are worried about a hacker exploiting vulnerabilities on your machine. However, it will produce warnings and sometimes block legitimate applications if it is not set up correctly. Setting up HIPS is beyond the scope of this guide.

  • Uncheck Cloud Based Behavior Analysis and Send anonymous program usage.
  • Click Customize Installation.

Initial Firewall Settings for the VPN Kill Switch

Now it's time to set up your firewall. The easiest way to set up your VPN kill switch is to use the exact same settings that are shown in the screenshot to the left.

  • Check Enable Firewall and set it to Custom Ruleset.
  • If you do not want to be alerted, check Do NOT show popup alerts and set it to Allow Requests. Alternatively, you can check Create rules for safe applications.
  • Check Filter IPv6 traffic

Setup Network Zones for VPN Kill Switch

Now set up 3 zones: DNS Servers, VPN IPs and VPN Servers. Use the popup menu at the bottom to add, edit and remove zones.

  • Add 3 zones named DNS Servers, VPN IPs, VPN Servers. To add a zone, click the ^, Add, New Network Zone.
  • Click DNS Servers and Add New Address. Select IPv4 Single Address and enter your first DNS server IP. If you are using LiquidVPN enter
  • Add New Addresses to the VPN Servers zone the same way you added addresses to DNS Servers. Some people may use Host Name instead of IPv4 Address. LiquidVPN users can get this information from the Server Status page in your control panel.
  • Add New Addresses to VPN IPs. Use type IPv4 Address Range.
  • LiquidVPN users: The VPN IPs in the screenshot on the left are the private IP ranges we use for most of our OpenVPN infrastructure. Use the – range to be compatible with all of our infrastructure. The VPN Servers listed are some of our OpenVPN servers. You will want to get the complete list from the control panel.

Set up the VPN Kill Switch Global Rules

Select Global Rules from the menu on the left. The first thing to do is delete all of the rules and start with a clean state. While copying the rules from the screenshot, here are the most important things to remember.

  • Click ^ and the rule popup opens. Rule order is important. Use Move Up and Move Down to change rule order.
  • Click Add to display the Add Rule window.
  • Your rules should look exactly how they look in the bottom screenshot on the left.
  • Check Log as firewall event for all rules.
  • Whenever it says Mac Any, choose Type: Any Address.
  • Make sure your rules are in the exact same order as the rules on the left.

To turn the VPN kill switch off, simply change your block rule (the bottom rule) to allow, and traffic will begin to pass through your adapter again like normal.
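
The effect of zones, rule order and the bottom block rule can be checked with a small model. This is an added example, not part of the original guide or of Comodo: the zone addresses and sample flows are constructed, and the rule list is an assumption based on the policy described above, since the guide's real rules appear only in its screenshots.

```python
import ipaddress

# Constructed zones: documentation and private ranges, not LiquidVPN's real addresses.
ZONES = {
    "DNS Servers": ["192.0.2.53"],
    "VPN Servers": ["198.51.100.10", "198.51.100.11"],
    "VPN IPs": ["10.8.0.0/16"],
}

# Assumed global rules (the guide's own rules exist only in its screenshots).
# Fields: action, protocol, source zone, destination zone, destination port.
RULES = [
    ("allow", "any", "any", "VPN Servers", None),  # reach the VPN endpoint
    ("allow", "udp", "any", "DNS Servers", 53),    # approved resolvers only
    ("allow", "any", "VPN IPs", "any", None),      # sent from the tunnel address
    ("allow", "any", "any", "VPN IPs", None),      # replies to the tunnel address
    ("block", "any", "any", "any", None),          # the kill switch: bottom rule
]

# Constructed outbound flows: protocol, source, destination, destination port.
FLOWS = {
    "vpn handshake": ("udp", "192.168.1.20", "198.51.100.10", 1194),
    "approved dns": ("udp", "192.168.1.20", "192.0.2.53", 53),
    "web in tunnel": ("tcp", "10.8.0.6", "203.0.113.80", 443),
    "web, vpn dropped": ("tcp", "192.168.1.20", "203.0.113.80", 443),
    "dns to router": ("udp", "192.168.1.20", "192.168.1.1", 53),
}

def in_zone(addr, zone):
    """True if addr falls inside any address or range of the named zone."""
    if zone == "any":
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in ZONES[zone])

def decide(flow, rules):
    """Return the action of the first rule that matches the flow."""
    proto, src, dst, dport = flow
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("any", proto) and r_port in (None, dport)
                and in_zone(src, r_src) and in_zone(dst, r_dst)):
            return action
    return "block"  # nothing matched: the model fails closed

def audit(rules=RULES):
    """Map each sample flow to the action the ordered ruleset gives it."""
    return {name: decide(flow, rules) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for name, action in audit().items():
        print(f"{action:5}  {name}")
```

Passing `audit()` a copy of the rules with the last entry changed to allow shows the two leak flows getting through, and moving the block rule to the top shows every flow blocked, which is why the order matters.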
