← Back to field notes
Course Module 06: Monitoring, Kill Switches, and Leak Prevention
Turning a working tunnel into one that tells you when it's broken. Prometheus and Grafana for tunnel health, DNS/IPv6/WebRTC leak prevention, kill switch via firewall, alerting that doesn't lie about silent failure modes.
This is module 06 of the RouteHarden Network Engineering Course. A privacy stack that silently fails is worse than no privacy stack — you behave as if you're protected while traffic egresses through your ISP. Most "VPN leak" stories you read are not exotic attacks; they're someone whose tunnel dropped and whose system kept sending traffic through the default route without ever raising a flag.
By the end of this module you will:
- Configure a kill switch that drops all traffic the moment the tunnel goes down
- Detect and block IPv6 leaks, DNS leaks, and WebRTC leaks
- Stand up a minimal Prometheus + Grafana dashboard for tunnel health
- Build an alert that fires when the egress IP doesn't match the expected VPS
Related reading
Need help shipping this?
We do this kind of work for hire.
Network architecture review, self-hosted privacy stacks, zero-trust corporate VPNs.
SEE ENGAGEMENTS