Tunnelblick's Kill Switch
The "kill switch" is available in Tunnelblick 3.7.5beta05 and higher.
What the "Kill Switch" Is — and Isn't
Tunnelblick has a "kill switch" that can disable all network access if the VPN disconnects. This can be useful when running an application (for example, a BitTorrent client) that you do not want to "leak" data outside of the VPN.
It is not a "firewall", which can prevent all network access except through the VPN.
The difference is like the difference between a door that automatically closes when there's a fire (the "kill switch"), and a door with a doorman who only lets people through if they are going to a particular destination (the "firewall").
After Tunnelblick's kill switch has been activated your computer will not be able to access anything through the network, including the Internet. When that has happened, Tunnelblick's menu will have an additional command, "Re-enable network access", which will restore all network access. (In the analogy above, it will reopen the door.)
Tunnelblick's kill switch is controlled separately for each VPN you have (but see Changing Multiple Settings at Once), and it can be set up to be triggered by expected and/or unexpected disconnections.
The settings are found on the "Settings" tab of the "Configurations" panel of Tunnelblick's "VPN Details" window:
In the above screenshot, which has the "Home" VPN selected, "On expected disconnect" is set to "Do nothing" (kill switch inactive) and "On unexpected disconnect" is set to "Disable network access" (kill switch active). If there is an expected disconnection, nothing special will be done. If an unexpected disconnection occurs, however, all network access will be disabled.
When the kill switch has been activated:
If network access has been disabled when you quit or launch Tunnelblick or try to connect a VPN, Tunnelblick will ask if you want to re-enable it.
Re-Enabling Network Access Manually
If network access has been disabled and you cannot run Tunnelblick, network access can be restored manually:
Launch System Preferences, and click on "Network".
For each network service that is labeled "Inactive"
If you wish, turn Wi-Fi on. You can use the Wi-Fi icon in the menu bar, or, in the "Network" System Preferences, select the Wi-Fi service in the list on the left and then click the "Turn Wi-Fi On" button.