Failover & Kill Switch Design Runbook

Architecture guide for building resilient VPN setups with proper failover behavior. Documents the critical

discovery that exit node failure does NOT trigger automatic failover, and provides design patterns for multi-tunnel

configurations.

KEY FEATURES

• Critical discovery: Exit node offline ≠ automatic failover

• Kill Switch placement rules (only on LAST tunnel)

• Traffic flow with Tailscale + VPN Dashboard

• Four risk-level configurations with trade-offs

• Recovery procedures (three options)

• Proactive monitoring setup (UptimeRobot, Healthchecks.io)

• VPN Dashboard priority configuration

• Multi-tier failover chain examples

IDEAL FOR

Users combining Tailscale with commercial VPNs, anyone needing redundant connections, travelers requiring

guaranteed connectivity.