What Are VPNs?
In short, VPNs are services that will let you connect to the internet through their servers, effectively changing your IP address and partially protecting you from tracking by your ISP and any websites that you visit. If you want to keep yourself undetected while browsing, they’re an important part of your toolkit, although you’ll also need to use Incognito Mode and follow some other steps for anything resembling anonymity.
However, VPNs aren’t bulletproof: There are some problems that can pop up in even the best of VPNs that can potentially reveal your IP address to the sites or services that you visit, thus rendering your VPN useless. Thankfully, there are a number of free tools available on the web that can help you track down these issues and deal with them.
Types of VPN Leaks
When a VPN broadcasts your IP address instead of that of the VPN’s server, that’s called a leak. There are three types of leaks that you can easily detect with simple tools: IP leaks, WebRTC leaks, and DNS leaks.
IP leaks come in two flavors: IPv4 and IPv6 leaks. (We have an article on the difference between IPv4 and IPv6). An IPv4 leak is when the VPN fails to protect your connection, pure and simple. You won’t see too many of these, if ever, as they only happen when a VPN fails.
According to Dimitar Dobrev, founder of VPNArea, IPv6 leaks happen if both you and the website you connect to support IPv6, but your VPN only supports IPv4. With the IPv6 connection effectively unprotected, the site can see your IP address. The only good way to prevent this is to upgrade to a VPN that uses IPv6 protection or has the option to shut it off. If your VPN has neither, then get another.
WebRTC leaks are a different issue: In the words of ExpressVPN Vice President Harold Li, Web Real-Time Communication (WebRTC) is a collection of standardized technologies that allows web browsers to communicate with each other directly without the need for an intermediate server. As this goes on, occasionally, a browser can accidentally reveal your IPv4 address and with it, your location. If this happens, you can disable WebRTC requests with a browser extension.
Last but not least are DNS leaks, which are quite common, and even high-end VPNs will occasionally suffer from them. They happen when your DNS requests are sent to your standard DNS servers directly without going through the VPN and using the VPN’s DNS servers. Changing servers should fix it, but if it happens regularly, you probably need to change VPNs.
VPN Testing Tools
Now that we know what we’re looking for, let’s take a look at how we can detect these three types of leaks. There are a number of tools to choose from: Our favorites are ipleak.net—owned by AirVPN—and ipleak.org, which is owned by VPNArea. Both do a fine job of showing you what you need to know, but since we like ipleak.net’s interface a little better, we’ll be using that one for the purposes of this article.
If you’re experienced in working with the backend of computers, our favorite VPN service, ExpressVPN, has put out its testing tools on GitHub. If you’re comfortable with more advanced tools like this, we recommend that you give them a whirl and get not just information on leaks, but also on a host of other data.
Testing Your Connection
To show you how the tests work, first, we’ll go to ipleak.net without enabling a VPN. There’s no introduction screen or anything. You’re immediately brought to your test results.
At the top is your IP address. Under that are the country and the city you’re in (Hello from sunny Cyprus.). However, sometimes, your city might show up differently: For instance, ipleak.net usually shows my city as Larnaca or Nicosia (both of which are about 50 miles away). This is due to my ISP connecting to a server elsewhere on the island.
The IPv6 test is just to the right of your IP address. It showing up as “not reachable” means that you passed, in this case, so we’re safe. Below that is WebRTC detection. If it’s empty, you’re also good.
Last but not least is your DNS test, which shows a host of IP addresses, which can be from anywhere. These are the different servers that your signal has bounced between before hitting ipleak.net’s server. As it is now, it’s also fine.
Since running a test on an unprotected connection is kind of pointless, let’s connect to a server in the Netherlands. All you need to do in this case is connect, and then reload the ipleak.net page. The test will be run again automatically.
In this test, there are a few things to note: The results for the IPv6 and WebRTC tests are fine. To find out whether our VPN passed the DNS leak test, we need to look through the list of IP addresses and see whether or not our original IP is there: If it’s not, like now, we’re all good. This means that the connection is all good and that the VPN has passed.
However, there is one thing to note, and if you start running your tests yourself, you’ll come across this quite often: The location of the VPN’s IP address is different than what we selected. We chose a server in Amsterdam, but this IP places us in Overijssel, which is a province about 60 miles or 100km from Amsterdam.
According to Mr. Dobrev, this has to do with the way that IPs are registered. IP addresses can be moved around, but it often takes a while for the registrar to update this information. Also, to further complicate the issue, there’s more than one registrar. However, this is not a security issue. Usually, within a few days, the IP address will show up where it needs to be.
What Do Bad Results Look Like?
However, not all tests will look this rosy. Generally speaking, IPv4, IPv6, and WebRTC leaks will happen the least. Your author has tested a lot of VPNs and has only come across a few of these. However, DNS leaks are a lot more common, so always be sure to look carefully through the DNS servers to make sure that you don’t spy your own IP address among them.
If you’re looking for a new VPN, our top pick is ExpressVPN. ExpressVPN offers its own DNS leak test, too.