Killswitch functionality in F-Secure FREEDOME
F-Secure FREEDOME includes a killswitch feature to prevent accidental leakage of traffic to the internet.
Should the VPN connection between the FREEDOME client and the server drop for any reason, such as a short network outage or changing from one FREEDOME site to another, the FREEDOME killswitch will notice this. Depending on the settings, it may block the network traffic until the connection to the FREEDOME backend has been established again. In this scenario, only the mandatory network traffic is allowed. This includes only the traffic that is required to establish the VPN connection, such as DNS and DHCP, in addition to the OpenVPN or IPSEC protocol itself.
If the user turns off FREEDOME VPN, it will not trigger the killswitch feature. Instead, the network traffic will work normally but naturally not protected by FREEDOME.
There are minor differences in how the killswitch works on different operating systems:
On Android devices, the killswitch feature is turned ON by default.
However, in cases where there is a captive portal in the network (for example a hotel WiFi with a login page) and FREEDOME detects it, the killswitch works differently depending on the Android version. On Android 6.0 and newer, the traffic will be allowed only to the captive portal and after the authentication, to the FREEDOME backends. Because of the limitations in the Android versions 4 and 5, the killswitch will start working only after FREEDOME has detected that the captive portal authentication has been completed.
Note: Android version 4.4.2 has an unavoidable bug which allows traffic to leak briefly outside the VPN tunnel during the VPN connection phase regardless of the killswitch setting.
Note: Some Huawei devices running on Android 8 and 8.1 have a firmware bug that in some rare cases may cause a momentary traffic leak outside the VPN tunnel during the VPN connection phase regardless of the killswitch setting.
FREEDOME utilizes the built-in IPSEC VPN in the iOS operating system. The operating system includes a killswitch-like functionality that prevents external leaks. Nevertheless, there may be some unprotected network traffic between the iOS device and Apple. VPN applications, such as F-Secure FREEDOME, cannot affect this.
On Windows, the killswitch feature is turned OFF by default. Even with killswitch turned off the product will not leak traffic during the time it tries to reconnect to the FREEDOME backends. When the killswitch is turned on, it will block the network traffic even if the reconnection attempts are unsuccessful.
On Mac, the killswitch feature is turned OFF by default. When FREEDOME is in the "connecting..." state, the network traffic outside the VPN tunnel will not be blocked until the connection is established. When the killswitch is turned on, it will block the network traffic even if the reconnection attempts are unsuccessful.