What is a VPN kill switch and why is it blocking my internet?

A kill switch is a safety feature that blocks all internet traffic when the VPN tunnel drops or fails to establish — ensuring your real IP address and unencrypted traffic never leak outside the VPN. When the kill switch is active and the VPN connection itself is broken, you'll have no internet access at all. This is correct, intentional behavior. The fix is to either repair the VPN connection (so the kill switch permits traffic through the tunnel) or temporarily disable the kill switch to diagnose the connection issue.

How do I flush DNS on Windows?

Open Command Prompt as administrator (search 'cmd' in Start, right-click > 'Run as administrator'). Type `ipconfig /flushdns` and press Enter. You'll see the confirmation message 'Successfully flushed the DNS Resolver Cache.' This clears locally cached DNS records that may conflict with the VPN's DNS settings. It's a safe operation with no downside — DNS entries are re-cached from scratch on the next request.

What is split tunneling on a VPN?

Split tunneling lets you choose which apps or traffic routes through the VPN tunnel and which uses your regular internet connection. For example, you could route work applications through the VPN while streaming on Netflix through your regular connection. When misconfigured, split tunneling can route traffic incorrectly, making it appear the VPN is blocking access. If you're experiencing internet access issues after enabling split tunneling, disable it temporarily to confirm it's the cause.

Why does reinstalling the VPN client fix blocking issues?

VPN clients install a virtual network adapter and modify Windows routing tables. If either becomes corrupted — through a partial update, driver conflict, or failed uninstall of a previous VPN client — no amount of reconnecting or settings changes can fix the broken adapter. Uninstalling the VPN client removes its virtual adapter entirely; reinstalling creates a fresh one with clean configuration. This is the nuclear option but is reliably effective for persistent blocking issues that survive restarts.

VPN Blocking Internet Access? Here’s How to Fix It

The kill switch blocking traffic while the VPN tunnel isn’t fully established is the most common cause. Here’s how to identify and resolve it.

Quick Answer

✓Check if your VPN's Kill Switch is active and blocking traffic because the VPN tunnel itself isn't fully established — temporarily disable it to confirm, then fix the connection issue.
✓Flush DNS from an elevated Command Prompt: run `ipconfig /flushdns` then reconnect the VPN.
✓Disconnect and fully quit the VPN client (not just minimize it), restart it, then reconnect.
✓If nothing else works, uninstall and reinstall the VPN client — this resets its virtual network adapter, which is the most common root of persistent blocking.

Common Causes

Kill switch blocking all traffic because the VPN tunnel isn't established

Most Likely

The VPN kill switch is designed to block all internet traffic if the VPN tunnel drops — preventing any data from traveling unencrypted. When the kill switch is active and the VPN connection itself fails to fully establish, the kill switch correctly blocks all traffic. The result looks like the VPN is 'on' but the internet is completely unavailable. This is the intended behavior of the kill switch, but it traps users who don't realize the VPN isn't actually connected.

DNS settings conflict — VPN DNS isn't resolving correctly

Common

VPN connections typically override the DNS server settings Windows uses, pointing traffic through the VPN provider's DNS. If the VPN's DNS configuration fails to apply — or conflicts with manually set DNS servers — domain names can't resolve, making the internet appear unavailable even though the TCP/IP connection is working. This presents as 'connected' with no web pages loading rather than a complete network failure.

Split tunneling misconfiguration routing traffic incorrectly

Common

Split tunneling allows some traffic to bypass the VPN tunnel while other traffic routes through it. A misconfigured split tunnel can accidentally route all traffic through the VPN when the tunnel is broken, or block traffic that was meant to bypass the VPN. This is particularly common after updating the VPN client, which may reset split tunneling rules to default.

Corrupted VPN network adapter requiring reinstallation

Less Common

VPN clients install a virtual network adapter in Windows that all VPN traffic routes through. If this adapter's driver becomes corrupted — after a Windows update, driver conflict, or incomplete VPN update — the adapter can block traffic without the VPN being able to fix it through settings alone. The adapter appears in Device Manager but fails to route traffic correctly. A full uninstall and reinstall of the VPN client removes and recreates the adapter.

Step-by-Step Fix

Check and temporarily disable the Kill Switch

Open your VPN client's settings and look for 'Kill Switch,' 'Network Lock,' or 'Internet Kill Switch.' If it's enabled, temporarily turn it off. Then attempt to connect the VPN. If internet access returns when the kill switch is off, the kill switch is working correctly — the underlying VPN connection is failing, which triggers the kill switch to block traffic. Fix the VPN connection issue first (see 'Windows VPN Won't Connect'), then re-enable the kill switch.

Pro tip: Never leave the kill switch disabled as a permanent fix. It's a safety feature. The right resolution is to fix the VPN connection itself, then re-enable the kill switch.

Flush DNS and reconnect the VPN

Press Win + S and search for 'Command Prompt.' Right-click it and select 'Run as administrator.' In the window, type: `ipconfig /flushdns` and press Enter. You should see 'Successfully flushed the DNS Resolver Cache.' Then disconnect and reconnect the VPN. This clears cached DNS entries that may have become stale or conflicted with the VPN's DNS settings.

Disconnect, fully quit the VPN client, and restart it

Clicking 'Disconnect' in the VPN client may leave background processes running. Right-click the VPN icon in the system tray and choose 'Quit' or 'Exit' to fully close it. Wait 10 seconds. Then relaunch the client from the Start menu and reconnect. This clears any in-memory state where the client believes it's partially connected — which is enough to trigger the kill switch — without actually having a working tunnel.

Disable Split Tunneling temporarily to test

In your VPN client's settings, look for Split Tunneling (may also be called 'App Exclusions' or 'Bypass VPN'). If enabled, temporarily disable it and reconnect. If internet access returns, a split tunneling rule was routing traffic incorrectly. Review each app exclusion rule and remove any that shouldn't be there, or reset split tunneling to default settings.

Restart Windows

A full Windows restart clears routing table state, resets network adapter drivers, and terminates any background VPN processes that may be holding the network in a partially configured state. After restarting, connect the VPN before opening any other applications to give it a clean network state to work with.

Uninstall and reinstall the VPN client

Go to Settings > Apps > Installed Apps and search for your VPN client. Uninstall it completely and restart Windows. After restarting, download the latest version from the VPN provider's website and install fresh. This removes and recreates the virtual network adapter and all associated driver files, which is the only way to fully reset a corrupted VPN network configuration that has persisted through client restarts.