-
Notifications
You must be signed in to change notification settings - Fork 38
VPN Internet Kill Switch
Release 2020.05.19 introduced a VPN internet Kill switch. IF CMST detects that active VPN connection drops it will immediately send a power off signal to all technologies.
If you wish to enable the VPN kill switch navigate to the Preferences tab in CMST. In the Program Control box at the bottom left side of the tab page will be an entry for Enable VPN Internet Kill Switch. Put a check in that box and the kill switch is enabled.
ConnMan keeps a list of services and issues a ServicesChanged signal via DBus whenever the service order changes. This signal is monitored as a routine matter by CMST (how the Services window in the Status tab is kept up to date). When the signal is received CMST first checks to see if the kill switch is enabled, then if the topmost (the active) service is VPN. If it is, and if the change was not user initiated, for instance by pressing the Disconnect button on the VPN tab, and if the new topmost service is not VPN, then all technologies are sent a power off command.
The kill switch is implemented in CMST, not ConnMan. ConnMan will make a VPN or any other type of connection perfectly fine without CMST running. If you want the kill switch feature then CMST must be running at all times with the Enable VPN Internet Kill Switch box checked. The program does not need a full window on your desktop, typically CMST would be running minimized in the system tray.
This will also only work when ConnMan has the service order sorted properly. There was a period of time when VPN connections would be made, and used, but were not always sorted to the top of the service list as they were supposed to be. It was an intermittent error that would only happen occasionally. This seems to have been fixed now, but if you really need and must rely upon this kill switch please keep an eye on the service order as displayed in the Status tab until you are confident that it will always sort properly on your system. The topmost entry should be VPN when you have a VPN connection. The status may show "Ready" while the Wifi or Wired connection below shows "Online". This is okay, the critical thing is the top entry being of type VPN.