Should it block traffic if I disconnect from VPN manually?

[JonLaliberte]

I was testing this today, and maybe I'm misunderstanding and this is expected behavior?

My Test:

• Connect via WiFi (only).
• Connected to VPN (L2TP over IPSec).
• Ran sudo killswitch -e.
• Received "killswitch enabled"
• Disconnect VPN manually.
• Tested WiFi, it was working as normal (using public IP).

[nbari]

hi @JonLaliberte if you disconnect the VPN there should be no traffic going out (if killswitch is enabled)

[JonLaliberte]

@nbari I thought so. Anything I should check to see what is happening?

When testing I confirmed I was connected via the VPN (VPN connection also had the setting enabled to send all traffic through it if that matters).

Does the order of the networks in network settings matter?

[nbari]

• try ping 1.1.1.1 and check https://myip.country
• turn on your VNP and Enable killswitch
• ping again to 1.1.1.1 check again https://myip.country (probably your public IP changed)
• turn off your VPN (ping to 1.1.1.1 should not work the same as https://myip.country)

If you run killswitch -leak ping can work

[JonLaliberte]

Tested as described. I'm traveling and connecting to my home network VPN. Pinging 1.1.1.1 always worked. myip.country showed the changed public IP from/to my home IP when disconnecting/connecting to the VPN.

Here is the output from killswitch if it helps:

~ sudo killswitch -e
Interface  MAC address         IP
en0        18:3e:ef:ab:47:11   192.168.67.154/24
ppp0                           192.168.2.6

Public IP address: xxx.xxx.xxx.xxx
PEER IP address:  xxx.xxx.xxx.xxx

# --------------------------------------------------------------
# Loading rules
# --------------------------------------------------------------
No ALTQ support in kernel
ALTQ related functions disabled
block drop all
block drop out quick inet6 all
pass inet proto udp from any to 224.0.0.0/4 keep state
pass inet proto udp from 224.0.0.0/4 to any keep state
pass inet from any to 255.255.255.255 flags S/SA keep state
pass inet from 255.255.255.255 to any flags S/SA keep state
pass on en0 proto udp from any port 67:68 to any port 67:68 keep state
pass on en0 inet proto tcp from any to xxx.xxx.xxx.xxx flags S/SA keep state
pass on en0 inet proto udp from any to xxx.xxx.xxx.xxx keep state
pass on ppp0 all flags S/SA keep state

killswitch enabled

[qudwill]

I have similar issue.

Is there any way how I can debug it and found the problem why it doesn't block connection when VPN is disabled?

Thank you.

[nbari]

If VPN goes down no traffic should be going out (if the killswitch is enabled), the way you can test/debug is experimenting directly with the PF rules

[KeramxD]

Same here. When I disable NordVPN, https://myip.country/ shows my public IP. Is there any solution?