I’m new to WireGuard. Is there a way to set a kill switch for it on Windows?
IDK what you think this is. WG is no service per se, it is a protocol or program or infrastructure. Nothing like NordVPN, CyberGhost, Surfshark, ExpressVPN or many others…
You need your own endpoint (server) and private keys…
OP did you ever get your question answered?
The only safe “kill switch” is a hardware-based one on the firewall or router providing to the Windows box. Do not ever rely on a software-based “kill switch” as they are unreliable and can’t be trusted.
You have a Kill switch tick box whenever you’re creating or editing a tunnel. A few redditors tested it and apparently it works really well. Personally I’ve only tried an extended DNS leak test with an unstable connection (handshake every 1:30 min or so) and didn’t get any leak, so it seems to work fine.
u/Expln the answer is partially already given here. I did manual routing in the past that acted as my killswitch using OpenVPN (migrating soon to WireGuard). I call 0.0.0.0 WAN/internet, but technically that is not true as you’re likely NATed, but it gives people an understanding of what I mean; all traffic routed through a gateway is always denoted as 0.0.0.0.
What you want to do is route this 0.0.0.0 traffic to the VPN TAP adapter and delete all 0.0.0.0 to your own adapter. Idk if WireGuard uses one, but OpenVPN did in the past and this worked for me for close to a decade; I never had any IP leak. This means if the VPN drops, you have no internet at all, and it is therefore also easy to record disconnects in a logger. This also means that you manually need to route 0.0.0.0 to your own adapter in order to be able to connect to the VPN in the first place, and remove that 0.0.0.0 to your own after connecting again. I had this automatically done in a batch file.
I’d never rely on software to do any proper killswitch for you if it’s not open source and you don’t understand how it works, let alone updates changing/removing it. To add an extra layer of security, use firewall rules on the machine and, better, on the router itself, as that operates on a lower layer and is isolated.
I have keys and a service giver (Mullvad). I’m basically asking how to set up a kill switch on WireGuard, or if it’s possible.
On the Mullvad app it has that option built in, but I’d rather use WireGuard and not their app.
Yet he wants one, for ‘reasons’.
I don’t think we are referring to the same thing? I’m talking about a kill switch so traffic will automatically stop if the VPN disconnects.
Sorry, I am not familiar with Mullvad, but as far as I know an “allowed-ips 0.0.0.0/0” would transfer all traffic through this interface, so if you lose the connection a “kill-switch” would be directly implemented… anyone who knows better, PLEASE correct me.
If the VPN disconnects, traffic does stop,
You mean if I set it up from that thread?
A VPN is a connection, like a phone call. If either end disconnects, the call stops.
No? Maybe I’m wrong, but the internet connection continues to work?
If I use a VPN and I browse the internet, and I disable the VPN, I’ll be able to continue to browse the internet, but now my traffic will be exposed.
The internet connection doesn’t stop working when the VPN is disabled.
Ok, so you want to disable the Internet if the VPN goes down? Is that correct?
I don’t have such a thing as “Block untunneled traffic”.
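Added example, not part of any post in this thread: a small Python check of when the “Block untunneled traffic” kill switch and the “allowed-ips 0.0.0.0/0” setting discussed above apply to a tunnel config. It assumes the rule documented for the official WireGuard for Windows client (exactly one peer whose AllowedIPs contains 0.0.0.0/0 or ::/0 engages the firewall block); the function names, sample configs, keys and endpoint are constructed placeholders.

```python
import ipaddress

# Constructed sample configs; keys and endpoint are placeholders.
FULL_TUNNEL = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.0.0.2/32

[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
"""
SPLIT_HALVES = FULL_TUNNEL.replace("0.0.0.0/0, ::/0", "0.0.0.0/1, 128.0.0.0/1")
TWO_PEERS = FULL_TUNNEL + "\n[Peer]\nPublicKey = <placeholder>\nAllowedIPs = 10.1.0.0/24\n"

def peer_allowed_ips(conf_text):
    """Return one list of ip_network objects per [Peer] section."""
    peers, current = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            current = None
            if line.lower() == "[peer]":
                current = []
                peers.append(current)
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() == "allowedips":
                current.extend(ipaddress.ip_network(v.strip(), strict=False)
                               for v in value.split(",") if v.strip())
    return peers

def kill_switch_status(conf_text):
    """Classify a config as 'kill-switch', 'routes-only' or 'partial'."""
    peers = peer_allowed_ips(conf_text)
    nets = [n for peer in peers for n in peer]
    # Assumed rule: one peer with a /0 route engages the firewall block.
    if len(peers) == 1 and any(n.prefixlen == 0 for n in nets):
        return "kill-switch"
    v4 = [n for n in nets if n.version == 4]
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(v4))
    if covered == 2 ** 32:
        return "routes-only"   # all IPv4 is routed, but nothing blocks leaks
    return "partial"           # some traffic never enters the tunnel

if __name__ == "__main__":
    for name in ("FULL_TUNNEL", "SPLIT_HALVES", "TWO_PEERS"):
        print(name, "->", kill_switch_status(globals()[name]))
```

A “routes-only” or “partial” result means nothing on the host blocks traffic when the tunnel drops, which is the case the router and firewall rules suggested in the thread are meant to cover.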
Step 4: