VPN Leak Test: Is Your VPN Actually Hiding Your IP?

You paid for a VPN. You clicked connect. The app shows a green checkmark and says "Protected." But is your real IP address actually hidden? Are your DNS requests going through the VPN tunnel, or leaking back to your ISP?

This guide walks you through three quick tests anyone can run in under two minutes. No technical knowledge required.

---

Test 1: The Basic IP Check (30 Seconds)

What you need: Your VPN app, this website Step 1: Disconnect your VPN completely. Visit our IP checker. Write down:
  • Your IP address

  • Your city and country
  • Your ISP name

Step 2: Connect to your VPN. Choose any server location (e.g., "Netherlands" or "New York"). Step 3: Refresh the IP checker. You should see:
  • A different IP address

  • A different city/country (matching your VPN server)
  • A different ISP (your VPN provider, not your home ISP)

If your IP hasn't changed, your VPN is not working. Common causes:
  • The VPN connection failed silently (check the app for error messages)

  • Split tunneling is enabled and your browser is excluded from the VPN
  • You're using a proxy extension in your browser that overrides the VPN
  • Your VPN app's kill switch blocked all traffic when the connection dropped

If your IP changed but your ISP is still the same, something is partially wrong. Proceed to Test 2.

---

Test 2: The DNS Leak Test (45 Seconds)

What you need: VPN connected, our security analysis page

Your IP address might be hidden, but your DNS requests—the "address lookups" that happen every time you visit a website—might still go through your ISP's servers. This is called a DNS leak.

Why it matters: Your ISP can see every domain you visit (e.g., "you visited reddit.com at 2:15 PM") even if they can't see the specific page or your password. A VPN should route DNS through its own servers so your ISP sees nothing. How to test:

1. Connect your VPN 2. Visit ITSafety.info/security-analysis 3. Look for the "DNS Servers" section in the results 4. Check if the DNS servers match your VPN provider's location (e.g., Netherlands DNS for a Netherlands VPN server)

What you want to see:
  • ✅ DNS servers in the same country as your VPN server

  • ✅ DNS servers operated by your VPN provider (e.g., "NordVPN DNS", "Mullvad DNS")

Red flags:
  • ❌ Your real ISP's DNS servers still appear (e.g., "Comcast DNS", "Verizon DNS")

  • ❌ DNS servers in your real country while VPN claims to be elsewhere

How to fix DNS leaks: NordVPNSettings → Connection → Use custom DNS → Off SurfsharkSettings → Connectivity → CleanWeb → On (includes DNS) ExpressVPNBuilt-in leak protection, usually automatic Manual/OpenVPNSet DNS servers manually to 1.1.1.1 (Cloudflare) or your VPN's DNS

If your VPN app has a "DNS leak protection" toggle, enable it. If the problem persists, your VPN may not actually be routing DNS through the tunnel—a configuration error on their end, or a fundamental limitation of their protocol.

---

Test 3: The WebRTC Leak Test (30 Seconds)

What you need: VPN connected, any browser

WebRTC is a browser technology that enables video calls, screen sharing, and peer-to-peer file transfers. It has a feature called "ICE" that discovers your network interfaces to establish direct connections. The problem: ICE can discover your real IP address even when your VPN is active.

How to test:

1. Connect your VPN 2. Visit our IP checker 3. Look at the "WebRTC Detection" section

What you want to see:
  • ✅ "WebRTC: Disabled or VPN IP only"

  • ✅ No local IP addresses (192.168.x.x or 10.x.x.x) visible

Red flags:
  • ❌ Your real local IP address appears alongside the VPN IP

  • ❌ Your real public IP appears in the WebRTC section

How to fix WebRTC leaks: ChromeInstall WebRTC Leak Prevent extension Firefoxabout:configmedia.peerconnection.enabled → set to false SafariWebRTC is disabled by default ✅ BraveBuilt-in WebRTC IP handling → set to "Disable non-proxied UDP"

Trade-off: Disabling WebRTC breaks Google Meet, Discord video calls, and some online games. If you need those, use the extension approach (Chrome) or Brave's advanced settings instead of fully disabling.

---

Test 4: The IPv6 Leak Test (Optional, 30 Seconds)

Most ISPs now provide IPv6 addresses alongside IPv4. Some VPNs only tunnel IPv4 traffic, leaving IPv6 exposed.

How to test:

1. Connect your VPN 2. Visit our IP checker 3. Check if an IPv6 address is displayed

What you want to see:
  • ✅ No IPv6 address shown, OR

  • ✅ An IPv6 address in the same country as your VPN server

Red flags:
  • ❌ An IPv6 address that belongs to your ISP, not your VPN
How to fix:
  • Disable IPv6 at the operating system level (Windows: Network settings → Adapter → IPv6 → Uncheck; macOS: Terminal → networksetup -setv6off Wi-Fi)

  • Or: Choose a VPN that explicitly supports IPv6 tunneling (Mullvad, ProtonVPN)

---

What to Do If Tests Fail

Test 1 failed (IP didn't change):

1. Disconnect and reconnect to a different VPN server 2. Restart your VPN app 3. Check for split tunneling settings and disable them 4. Try a different VPN protocol (WireGuard vs OpenVPN vs IKEv2) 5. Contact your VPN provider's support

Test 2 failed (DNS leaking):

1. Enable "DNS leak protection" in your VPN app settings 2. Manually set DNS to 1.1.1.1 (Cloudflare) or 9.9.9.9 (Quad9) 3. If using Windows, flush DNS cache: ipconfig /flushdns 4. If the leak persists, your VPN is fundamentally not routing DNS—consider switching providers

Test 3 failed (WebRTC leaking):

1. Apply the browser-specific fix above 2. If you need WebRTC for video calls, use Brave browser with "Disable non-proxied UDP" setting 3. If you don't need WebRTC, disable it entirely in Firefox

Test 4 failed (IPv6 leaking):

1. Disable IPv6 on your device (temporary fix) 2. Switch to a VPN with native IPv6 support (permanent fix)

---

Verification Checklist

Before trusting your VPN with sensitive activities, confirm:

  • [ ] IP address changed from real location to VPN server location

  • [ ] DNS servers match VPN provider, not home ISP
  • [ ] No WebRTC leaks showing real IP
  • [ ] No IPv6 leaks (or IPv6 disabled)
  • [ ] Kill switch is enabled (prevents traffic if VPN disconnects)

Run these tests monthly. VPN apps update, browser settings reset, and configurations drift. What worked last month may leak today.

---

Recommended VPNs with Built-in Leak Protection

Not all VPNs handle leaks equally. Based on our testing:

  • Mullvad: Best-in-class leak protection, IPv6 support, no-logs, but no streaming unblocking

  • ProtonVPN: Strong leak protection, Secure Core servers, free tier available
  • NordVPN: Built-in kill switch and DNS leak protection, fast speeds, good for streaming
  • Surfshark: Unlimited devices, CleanWeb blocks ads and trackers alongside VPN

Avoid free VPNs for leak protection. Most free VPNs don't invest in proper DNS routing or WebRTC handling. The cost is your data, which they often sell.

---

Start Testing Now

Run the full VPN leak test →

It takes 60 seconds and checks IP, DNS, WebRTC, and IPv6 in one scan. No signup, no data stored.

If your VPN passes all tests, you're genuinely protected. If it fails any test, fix it before trusting it with sensitive browsing.