OpenVPN strives to deliver reliable VPN server connections. But no internet-based service, not even OpenVPN, can operate without an occasional failure. Whether it’s an unreliable internet connection or ISP, VPN server problems, or an issue with antivirus or firewall settings — dropped connections happen. And when VPN connection failures happen, they can present bad actors opportunities to access your online activity, as well as any sensitive data you transmit from your mobile device(s).
This scenario is exactly why the OpenVPN development team decided to add a kill switch feature to OpenVPN Connect App, the official client software developed and maintained by OpenVPN Inc.
OpenVPN Connect, free and full-featured VPN client software, is available on Google Play and in the Apple iTunes store; Windows and macOS versions can be downloaded from the OpenVPN site. Connect is compatible with Windows, macOS, Android, and iOS, and connects devices to the VPN so users can log on to a network from anywhere.
To understand the ins and outs of the OpenVPN Kill Switch option specifically, as well as the broader benefits of VPN kill switches in general, we sat down with Yuriy Barnovych, Product Manager & Technical Lead on the Apps project for OpenVPN. Read on to see what he had to say about VPN kill switches, and how he and his team approached this project.
What is a VPN Kill Switch?
The first, most obvious question we had for Yuriy was, “So, what is a VPN kill switch?” He gave us a straightforward, OpenVPN-specific answer: “The OpenVPN Connect App Kill Switch feature blocks any data leakage via the network in the event of a dropped VPN connection.” Users can create a kill switch themselves, using a secure VPN firewall, or they can opt for a VPN that includes a kill switch. The latter is easier for typical VPN users, but not all business VPNs have a kill switch.
Why is it that VPN services are so widely used but kill switches are relatively unknown? More importantly, why doesn’t every VPN provider include a kill switch if kill switches reliably protect your information? According to Yuriy, “If the operating system being used has kill switch functionality integrated, it’s fairly easy to activate and use it.” What Yuriy considers “fairly easy” may require more effort for others, but he clarified by saying, “This is implemented on the operating system (OS) layer in Android and iOS, so OpenVPN can take advantage of system support on these platforms.” OpenVPN did take advantage of the OS layer system support, resulting in the new OpenVPN Connect kill switch.
You’re probably wondering why macOS and Windows aren’t part of this initial rollout. According to Yuriy, “For now, macOS and Windows don’t have OS support, so adding the kill switch to those is more of a challenge.” But that doesn’t mean Yuriy and his team are giving up on it. From what we’ve seen, they’re dogged when it comes to finding solutions and figuring out how to overcome never-before-seen challenges.
What are the Benefits of a VPN Kill Switch?
Modern VPNs are a source of frustration for hackers; even the most accomplished cybercriminals will have a difficult time scamming their way into internet traffic passing through the servers of a good VPN. Those hackers are patient, though, and will gladly snag your sensitive information as soon as your VPN connection drops.
The most effective cybersecurity approaches are layered, and a kill switch is an additional layer of protection. Yuriy explains that, “This is truly an improvement to security and data privacy. If your VPN connection is configured to channel all your traffic through a VPN, with an enabled kill switch — and VPN application support, of course — all of your traffic will be blocked until you connect to a VPN.” Remote and hybrid workforces are quickly becoming the norm, with people working anywhere they can get internet access, but when using a VPN kill switch, “The user doesn’t have to worry about leakage, or man-in-the-middle DNS attacks, when VPN disconnections happen while you’re working on free or public WiFi.” The flexibility that comes with remote work is welcome because it saves time and money while increasing productivity. That flexibility does come with increased risks, but the evolution of VPNs and features such as integrated kill switches help to keep cybercriminals at bay.
Fortunately, Yuriy and the rest of the programming and developing crew at OpenVPN love to come up with new, creative ways to stop those who want to steal your most valuable asset: your data.
How does the VPN Kill Switch work with OpenVPN?
The question front of mind for millions of OpenVPN Connect users? “How does the VPN kill switch work with OpenVPN Connect?” In speaking with Yuriy we learned that, like most OpenVPN features, this isn’t a one-and-done. “With the first mobile clients release (iOS and Android 3.3) we’re rolling out a simple checkbox setting. When users enable the kill switch by checking the box, their most recently connected or used VPN configuration becomes the system’s default kill switch VPN profile.” At that point the OS won’t allow any traffic from your device until the profile is connected, plus, “it will immediately try to connect after rebooting or manually disconnecting.”
But what if a profile needs additional authentication? No problem, according to Yuriy: “... the OS will show a notification that opens the OpenVPN Connect app with an appropriate modal prompt.”
We’re on a mission to help organizations safeguard their assets in a dynamic, cost-effective, and scalable way. The OpenVPN Connect kill switch is just one more way we’re making that happen.
Inside the OpenVPN Development Process
So, how did the OpenVPN Connect kill switch go from idea to reality? Was it fast and easy? Problem-free?
Of course not.
According to Yuriy, the OpenVPN team “... worked on this feature for several months and had to address a number of challenges along the way.”
To begin with, “Operating systems — especially iOS — aren't designed to support additional authentication for VPN connections. That means the OS will try to connect with a VPN profile and ignore any attempts to get additional user information (e.g., password, two-factor authentication, Web Authorization).” The OpenVPN development team wasn’t going to let inhospitable operating systems stop them. “We were forced to completely refactor the connection process,” Yuriy said, “to create the ability to interrupt the connection.” This connection interruption is “... initiated by a system and shows users a notification that opens the application with the authentication fields required to proceed.” Again, a layered cybersecurity approach is your best bet for protecting people and data. And when existing systems aren’t built to support additional layers that thwart the latest and greatest efforts of hackers, infosec professionals like Yuriy find ways to extend the protection VPNs offer.
The OpenVPN kill switch, like all features on our VPN software, will continue to evolve. Our team is dedicated to staying ahead of bad actors, keeping your data safe, securing online privacy, and reducing both the cost and complexity of network traffic and security. In the words of Yuriy Barnovych, “As long as you have the right people, you can accomplish anything.”