nbari
commented
4 years ago Hi @rafaelbiriba the killswitch implementation relies on PF (available in macOS since version 10.6), behind the scenes tries to automatically find your VPN peer endpoint, create a set of pf.rules /tmp/killswitch.pf.conf and then load them into your system (because of this, the need of sudo).
It is important to mention that killswitch is not an application monitoring your VPN process as many vendors do, it loads a set of firewall rules into your system, the ones are handled by the kernel, not in the userland and once loaded either if your VPN application crashes or goes down, traffic will not "leak", just keep in mind that the set of rules are not persistent, this means that if your system reboots you will need to enable it again (load the firewall rules sudo killswitch -e), since by default your system will load the rules defined here /etc/pf.conf
The check how reliable is you could use tools like tcpdump or wireshark, disconnect your VPN and check the traffic, (if the killswitch is enabled and you disconnect your VPN, high are the chances that you will need to disable it sudo killswitch -d before trying to connect the VPN again, this is because probably the killswitch is blocking your endpoint)
Please give a try and if have further questions, feedback or any comment, don't hesitate to ask.
rafaelbiriba
Hi, can I open an issue to ask an important question?
Since I am connecting to my VPN manually in my MacBook, I am using this killswitch to keep all my connection via VPN.
Since my VPN connection drops everything 30-60min, is there any chance of at least one single package get leaked on my host wifi connection?