Network Lock
Network lock is a feature that prevents IPv4/IPv6 communications when your system is not connected to an AirVPN server. Its main purpose is preventing IPv4/IPv6 leaks under any circumstance, including unexpected VPN disconnection, but not limited to it: contrarily to several so called "kill switches" and VPN check monitoring processes, which don't do anything while connection is on and become totally useless if they crash, the Network Lock is based on strict firewalls rules. Thus, the protection against leaks is active even when the connection is detected as "on" (regardless it is really "on" or not), even if Eddie could not work anymore and even if you mis-configured by accident a listening service binding it to a physical network card.You can activate it by clicking the button pertaining to "Network Lock" in the "Overview" window.
A small icon on the top right corner will tell you anytime the status of Network Lock. Warning: if, after you have activated Network Lock, you modify the firewall rules, the client will not detect that. It's your responsibility to act accordingly.
After any change, do not forget to click the "Save" button.
Our software adopts various approaches to perform a network lock according to the operating system, software already available etc.
In AirVPN Menu -> Preferences -> Advanced - Network Lock you can find the following, additional options for Network Lock.
If Mode is set to None, the feature is not available. The commands are hidden in main window.
If it is set to 'Auto', the software automatically detects the best mode.
Otherwise, choose a specific mode. Note that only allowed modes for the current environment are listed.
By default the client option is set to "Automatic".
You can also decide whether to allow LAN and/or ping or not by ticking or un-ticking "Allow lan/private" and "Allow ping".
In Addresses allowed, you can specify a list of IP addresses that are enabled even if the network lock is active. That's useful for example to allow leaks to known trusted IP addresses. Separate each address with a newline. Empty lines are allowed. Use # for comments.
In Preferences > Routes if you specify that a route needs to be outside the tunnel, the same route bypasses the Network Lock.
You can't enable Network Lock and have at the same time the option Not specified routes go to Outside the VPN tunnel, because it would mean that Network Leak needs to be bypassed on every unknown range.
It's different from Addresses allowed, because these addresses are allowed during the Network Lock, but traffic to/from them is routed in the tunnel during VPN connection.
Under Windows, method are based on Windows Filtering Platform or Windows Firewall.
Under Linux, nftables and iptables.
Under macOS, PF.