{"id":12025,"date":"2015-08-19T10:17:45","date_gmt":"2015-08-19T14:17:45","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=12025"},"modified":"2026-01-27T11:25:09","modified_gmt":"2026-01-27T16:25:09","slug":"creating-a-kill-switched-vpn-with-pia-and-little-snitch","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/08\/19\/creating-a-kill-switched-vpn-with-pia-and-little-snitch\/","title":{"rendered":"Creating a Kill-Switched VPN With PIA and Little Snitch"},"content":{"rendered":"

Matt Henderson<\/a>:<\/p>\n

\n

PIA provides a kill-switch feature, but just like Cloak, enabling it will affect local-network services. I’ve discovered a solution, however, achieving the same functionality without affecting local-network services, through the use of Little Snitch—a Mac OS X application-level packet filter—and it’s support for automatic profile switching.<\/p>\n

[…]<\/p>\n

So, in summary, whenever my Mac is not<\/em> connected to a VPN (with the exeption of mobile tethering as described below), my “Public (Kill Traffic)” Little Snitch profile is automatically selected, preventing all incoming and outgoing connections.<\/p>\n

[…]<\/p>\n

I have one other Little Snitch profile, unrelated to VPN connectivity, called “Mobile”. This profile is activated whenever my Mac is connected to my iPhone’s or iPad’s “Personal Hotspot”. The purpose of this profile is to minimize my iOS device’s data usage. As you can see from the screenshot, this profile kills traffic from apps like Dropbox and BitTorrent Sync.<\/p>\n<\/blockquote>\n

Update (2015-08-21): Matt Henderson<\/a>:<\/p>\n

The [iVPN] app seemed to function just fine in terms of establishing a VPN connection, and the data rate was fine. But the UI did behave a bit wonky at times. For example, often when I’d open the app (after being logged in), the main information window continually displayed a spinner, as if it were stuck. The second issue I noticed was that it didn’t offer the feature provided by Cloak and PIA to auto-detect the best server for connection. Finally, I found that it didn’t offer a kill-switch—which, alone, wouldn’t have been a show-stopper, as I found a work around with Little Snitch.<\/p>\n

[…]<\/p>\n

Having read this article, Sam from iVPN reached out. In a very thoughtful email, he explained how BitPay’s platform currently doesn’t allow for sub-management accounts, and so in fact, only the main administrator (who has access to all the account’s funds) can issue a refund, and he explained that BitPay’s refund process has been very unpredictable. He also sent a few screenshots of their forthcoming update to their Mac client and it looks very good!<\/em><\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"

Matt Henderson: PIA provides a kill-switch feature, but just like Cloak, enabling it will affect local-network services. I’ve discovered a solution, however, achieving the same functionality without affecting local-network services, through the use of Little Snitch—a Mac OS X application-level packet filter—and it’s support for automatic profile switching. […] So, in summary, whenever my Mac […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2026-01-27T16:25:11Z","apple_news_api_id":"546245b5-3c07-49ff-a0b3-cb585366073a","apple_news_api_modified_at":"2026-01-27T16:25:11Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AVGJFtTwHSf-gs8tYU2YHOg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[914,1133,1258,139,30,32,476,355,1254,2878,1132],"class_list":["post-12025","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bitcoin","tag-cloak","tag-ivpn","tag-littlesnitch","tag-mac","tag-macapp","tag-networking","tag-privacy","tag-private-internet-access-pia","tag-tethering","tag-virtual-private-network-vpn"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/12025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=12025"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/12025\/revisions"}],"predecessor-version":[{"id":12056,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/12025\/revisions\/12056"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=12025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=12025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=12025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}