Find out if your VPN leaks your IP address
Virtual Private Networks (VPNs) are used for a variety of purposes. Common reasons include protecting one's privacy on the Internet, improving the security of the Internet connection, bypassing censorships and blocks, and using it for business purposes.
If you use a VPN for privacy, regardless of whether that is your main reason for using it or just a nice addition, you may want to make sure that your "real" IP address is not leaked when you are connected to the VPN.
The reason for this is simple: there is no privacy if the device IP leaks.
The IP address links back to you directly. While a court order is usually required to link the IP to a name, it alone can reveal information such as the country and region you are connecting to directly.
Find out if your VPN leaks your IP address
It is suggested to verify that a VPN connection does not leak IP address information. I suggest you do so on every connect, but at least the first time you connect to it and maybe occasionally afterwards as well.
There are plenty of sites out there that you can use for the purpose. Good news is that you only need to load one of them to find out whether your VPN leaks information.
The site that I use frequently is IP Leak. You find other sites for that purpose listed on our privacy test resource listing.
Note: It is recommended that you disable any script blocker (including ad-blockers) when you run the test as they may block scripts from running on the site that are required to give you an accurate reading.
All you need to do is connect to the site, and wait for it to display the results of its analysis. This should not take longer than a couple of seconds.
IP Leak tests the following:
- The IPv4 IP address.
- The IPv6 IP address.
- Whether WebRTC leaks the IP address.
- Whether DNS leaks the IP address.
- Whether a proxy is used (if not transparent).
- Torrent address detection.
- Geolocation detection.
- Look up of the IP address that reveals Tor and AirVPN use, ISP, organization, country, and more using public databases.
- User agent and system information.
If you see different IP addresses or locations, say the correct one for the IPv4 IP address, and another for the IPv6 IP address, then there is a chance that third-parties that you connect to see both IP addresses as well.
You may want to make sure that the IP address and the country that IP Leaks displays after the test matches the VPN Provider's network.
Closing Words
It is highly recommended to run tests regularly to find out if your VPN connection leaks your IP address. While you may not want to do so on each connect, I recommend you do so at least on first connect, on every software update, and every now and then in between.
If you notice a leak, you may want to plug it before you start using the VPN. How that is done depends largely on the leak and the client you use to connect to the VPN.
Some VPN providers provide leak protection options in the VPN clients that they provide their customers with.
Now You: Talking about VPNs: which do you use and why?
If you use PureVPN deactivate IPv6 for now. The are OK using IPv4 but definitely leak the IPv6 address as I found out earlier this month (https://www.bitblokes.de/24014).
Just tried to connect to the IPLeak site (https://ipleak.net/) and found their server is down. Didn’t know Ghacks had that many readers, Martin! ;-)
I use PIA (Private Internet Access).
A denial of service on a dns leak tester would be quite uncommon :)
PIA not leaks the IP.
CyberGhost is good, no leaks.
Thanks for this article. Using PIA and CyberFox, WebRTC was leaking my IP address. Using the instruction on the website, I was able to plug the leak.
Your articles are “must read” everyday!
@Radrick cyberfox in privacy options has thing for preventing ip leak with webrtc
IP Leak is fine, indeed. I call dnsleaktest.com as well for the purpose. I’m not a VPN user but because I rely on dnscrypt for name resolution I happen to check any leak for the sake of certitude, and good thing I do because I’ve noticed two encrypted dns resolvers which, once checked with dnsleak (extended checking), showed that in fact the resolution was handled to 7-8 Google servers. This happened with adguard-dns-ns1 (which I never use, only wanted to test, and I believe this relay to Google was, is programmed) and another time with dnscrypt.org-fr, in that later case a total bug (which didn’t last) since dnscrypt.org-fr has one server of its own and should never relay to any other server! That was quite a surprise : how on hell did Google get in the way that day?
All this to demonstrate that checking dns resolvers may be worth it in other situations than when running a VPN.
Should be because of this: en.wikipedia.org/wiki/Google_Public_DNS
They are everywhere, Mwahahahahahahacoughcough
Yes but there isn’t any encrypted Google Public DNS. What happened in what I mentioned above is that my request was sent, encrypted, to a dnscrypt server, this dnscrypt server must have “de-crypted” my request and searched the resolution through non-encrypted Google servers, then encrypted the answer and sent it back to me… I’m not an expert, just trying to figure out how it may have happened. The question is, was : how can an encrypted DNS request transit through non-encrypted DNS resolvers? Anyway, without a DNS leak test I never would have known, so again : checking DNS leaks is essential and not only when using VPN/Proxy.
Ah, right! I thought you were saying maybe the service provider was using some Google tool behind the scenes, and if so what could it be and why on earth would Google be involved in the first place.
But you were talking about an encryption issue. I don’t know the reply either. It’s not necessarily bad depending on what the request looks like between the service provider and Google servers. Since I don’t know what it looks like, I can’t help!
In terms of security and privacy, I have managed to patch the browser that I am currently using in such a way as to pass all of the test on browserleaks. com, the only principle problem that I have left to find a solution for is the dreaded DNS leak(!)
although it may brake a lot of websites, noscript is an absolute must for anyone worried about browser privacy and security
PIA here, very satisfied with them. No leaks
I’ve been using Hotspot Shield for a while. Not sure if it’s the best but it seems to be a lot cheaper, and my speeds don’t drop that much. IP Leak seems to show it’s reasonably secure. Might change later if some other VPN makes a better offer.
That said, I hope we’re going to keep up to speed with this kind of technology on GHacks – one of the few online forums I seriously respect.
The reason being that after the new UK RIP provisions – nothing to do with terrorism unless you’re brain-dead and everything to do with a government aspiring to total control – I’m moving from using a VPN about 20% of the time to switching it on as default.
What do I do online that might be seen as wrong? Nothing, as far as I know. What do I do do online that’s absolutely no-one else’s business? Pretty much everything. People who don’t get that are part of the problem.
“Virtual Provider Networks (VPNs) are used…”
Sorry, Martin, it’s a Virtual PRIVATE Network.
You are right of course, corrected.
I found another site that is very similar to ipleak. It is https://cryptoip.info/ it appears to have a couple extra features. I like the fact that I can look up IP addresses manually. Oh and for whatever reason, cryptoip.info shows my correct city
IP and DNS leaks as well as other info that may be leaking can be checked also on http://dontleak.me/
I got a VPN last night (BlackVPN) and it passes this test on iPhone when running via OpenVPN. I just got the basic privacy one, not the one that supports Netflix and iPlayer streaming. So far it’s really good, but I have to be careful not to start the Pokemon Go app while the VPN is enabled because it could look like cheating. This is a PITA and there’s not much info about it online, and searches reveal the opposite info about how to cheat. Grr.
Also enabling BlackVPN via OpenVPN disables my main ad-blocker (Disconnect) because they both use the same type of VPN thingy on iOS. My other ad-blocker is unaffected, so I’ll be writing to Disconnect again.
If you’ve got this far into my comment you can see that just having a basic safe internet connection is becoming a PITA too these days – all this work just to avoid spying. And I haven’t even mentioned yet all the account and service issues that arise from using a VPN. For example Microsoft won’t let me check my Hotmail cos of their mandatory “it looks like you’ve been hacked” feature.
IVPN is my provider. no leaks. chose it because of it’s ethics regarding privacy. I also like the fact, that that they are members of EFF.
@Dave
same thing for me, before I dumped microsoft in favor of a paid-by email provider. a friend tried to check her gmail via my pc, but was blocked for the very same reason.
I’m using Steganos ‘OkayFreedom’ and your leak tests failed to find me. Said I was on the East Coast while I’m on the West Coast. Thanks for the links. I’m happy with my service and I can’t wait to try out some of the other services listed in the other article.
More and more VPN providers use their own DNS servers to prevent DNS leakage, but extra caution is always good. Furthermore a build in Kill-switch, killing all internet traffic in case the VPN connection gets lost is a necessity in my opinion aswell.
I don’t use a VPN, even less a whatever proxy. I’m neither a specialist nor paranoid and I conceive my approach may perfectly well be wrong, but as far as I see it now (and I don’t see that far!) should I wish to hide my true IP that I’d use TOR and TOR only. I’ve read several articles about VPNs and often noticed the disparity between critics, pointing one company as good the other as less, suggesting paid VPNs when free ones are less trustful etc. etc. … I mean, if I ask one expert he’ll tell me get this one and if I ask another expert he’ll warmly recommend another one : I just have no idea! And above all I just don’t know if my privacy would really be preserved. My “calling” IP does start from here then gets modified by that of a server, some users add onion peels to imitate the TOR process I guess like others add one anti-malware to another, leading to heavy environment and when it comes to VPNs a significant loss of UL/DL speeds. I’m really not motivated as you see, not to mention what I’ve read recently stating that government agencies have a predilection for users of VPNs (mainly TOR) and for those who run Linux-based OSs.
Don’t scream, please! As I said : I am and I am aware of not being a techie, to put it extra-mildly :)
The government controls the tor nodes. Using it could put you at more risk.
What government? What risk?
not only that, if you use any chromium-based browser (like Google chrome for example), the browser is already leaking your IP address, due to the chromium project (it’s fault of the project, not the browser!). here you have 2 options: you install an extension to block the browser from leaking the IP, or you install a non-chromim-based browser, like Firefox for example.
If you’re leaking IPv6 while using a VPN it’s best to just completely disable IPv6.
Here’s how for a Mac OS:
http://vpnreporter.com/disable-ipv6-mac-os-x/
@Tom – yes, there are indeed a number of VPN providers out there, and it can be a daunting task to find the best that suits your needs.
In my experience, free VPNs are not great as they can be slow, and some of them may even sell your data (there are no free lunches).
I don’t use a proxy and can’t really recommend using it as there are a number of disadvantages (https://bestvpnweb.com/vpn-vs-proxy/ ). But there are some really good VPN providers out there that can deliver good connection speed.
Different users have different reasons for using a VPN so you may need to try out a few good ones (some of them have 30 day money back guarantee) and see which suits best to your needs.