In short: The headline of a VPN is encryption, but privacy is won or lost in the edge cases — the second the connection drops, the DNS query that sneaks outside the tunnel, the app you didn't mean to route. A kill switch, DNS leak protection and split tunneling are the features that handle those moments. Knowing what each does helps you configure a VPN so it protects you continuously, not just when everything is working perfectly.
Kill switch: no traffic without the tunnel
VPN connections drop — you switch networks, the signal dips, the app reconnects. In that gap, without protection, your device falls back to the normal connection and briefly exposes your real IP and traffic. A kill switch blocks all internet access the instant the tunnel fails, and restores it only when the tunnel is back. It is the single most important setting for anyone who needs the tunnel to be reliable rather than merely usually-on. Turn it on and leave it on.
DNS leak protection: don't announce where you're going
Every site you visit starts with a DNS lookup that turns a name into an IP. If those lookups escape the tunnel and go to your ISP's resolver — a "DNS leak" — then your provider still learns every domain you visit, even though the traffic itself is encrypted. DNS leak protection forces those queries through the VPN's own resolvers so the destinations stay private. It is easy to test: after connecting, run any online DNS-leak check and confirm only the VPN's servers appear.
Split tunneling: route what you want
Sometimes you want most traffic through the VPN but a few apps on the direct connection — a banking app that distrusts foreign IPs, a local device on your home network, or a latency-sensitive game. Split tunneling lets you choose per app. It is a convenience feature, so use it deliberately: anything you route outside the tunnel is no longer protected, so keep sensitive apps inside it.
How they work together
Set correctly, the three form a continuous shield: DNS leak protection keeps your destinations private, the kill switch guarantees nothing escapes during a drop, and split tunneling lets you make careful exceptions without weakening the rest. Limp Secure VPN ships these so protection holds through the messy moments, not just the ideal ones — the full list is on the features page.
