VPN Leaks

By Jayden Andrews. October 16, 2019

Many people use VPNs to encrypt their communications, mask their identity, or even access the web from a different location. A trustworthy VPN is an excellent way to keep your internet usage private and secure. It goes without saying that if you value your online security and privacy, then a VPN is an essential tool.

But did you know that crucial information, such as your IP and DNS information, can sometimes leak out of a VPN connection? VPN leaks can reveal more data to miscreants than you can realize.

Most VPNs encrypt crucial data that you send over their connection. So, you would expect information like your passwords and credit card numbers to remain safe. However, this is not the only information you are sending over that connection. So, how do you know if your VPN is working as expected, or you are unwittingly leaking crucial data to prying eyes?

Wasting no time, let’s look at what kind of information your VPN can leak, how it happens, and most importantly, how to test for VPN leaks.

Top VPNs
1NordVPN
Rating:
9.8
Price from:
$3.49/mo
2Surfshark
Rating:
9.6
Price from:
$1.99/mo
3PrivateVPN
Rating:
9.3
Price from:
$1.95/mo

How VPN Leaks Occur?

How a VPN works is pretty straightforward. First, you install a VPN package on your device, and then the software will capture all your network traffic and reroute it via an encrypted tunnel. As perfect as it may sound, online security and privacy are perpetually a cat-and-mouse game. No system is flawless. Over time, vulnerabilities, which can jeopardize your security, can be discovered, and VPNs are no exception. Here are some ways in which your VPN can leak crucial information:

IP Leaks

Many people use VPNs, specifically to get around location restrictions. When you connect through a VPN, your original IP is hidden, and your device uses the IP address provided by the VPN service. However, your VPN might still leak your IP address because of flawed protocols or a bug. So, what is an IP leak? It is the disclosure of your real IP address, while connected to a VPN service. While most IP leaks can affect any network protocol on your device, dependable VPN services usually incorporate workarounds into their software.

How to Check for IP Leaks?

Here are some useful tips that can help you verify whether your VPN service is working as expected or leaking your IP address. Please follow the steps below:

  • First, you have to disconnect your VPN. After that, head to Google and search “What is my IP address”, which should reveal your real IP address at the top of search results. Alternatively, you can check your IP addresses using free leaks-testing websites, such as ipleak.org or browserleaks.com
  • Now, sign in to your VPN and connect to the server of your choice. Before you check the new IP, verify twice that you are connected.
  • Once you have activated your VPN, go to Google again, and then check for your new IP address.
  • Compare the two IP addresses. In both situations, the same set of information should be displayed to you. So, if you have the same results (IP addresses) in both cases, then your IP is leaking, and that is a serious concern.
Best VPN offers

Surfshark$1.99 / moSave 83%NordVPN$3.49 / moSave 70%Outbyte VPN$5.00 / moSave 38%

How to Fix IP Leaks?

Many people use VPNs, specifically to get around location restrictions. When you connect through a VPN, your original IP is hidden, and your device uses the IP address provided by the VPN service. However, your VPN might still leak your IP address because of flawed protocols or a bug. So, what is an IP leak? It is the disclosure of your real IP address, while connected to a VPN service. While most IP leaks can affect any network protocol on your device, dependable VPN services usually incorporate workarounds into their software.

DNS leaks

Domain Name System (DNS) server acts as a central address book that cross-references web locations with their numerical IP addresses that computers use. Each website usually has a unique mathematical IP that computers use to find them. But because we are not good at remembering long numerical strings, each internet resource is assigned a more memorable and easy-to-understand address, for instance, Outbyte.com. With a VPN enabled, DNS requests should be first routed through the encrypted tunnel to the VPN server. In this case, the requests are proxied by the VPN server, so there shouldn’t be much risk here.

However, DNS leaks can happen because of a poorly configured VPN connection. They can also occur due to interruption in your service, causing internet traffic to pass through other channels other than the VPN tunnel. The real risk is that the DNS requests may carry along personally identifiable information. Actually, this risk is almost similar to and IP leaks.

01

How to Test for DNS Leaks?

Because of the close similarity to IP leaks, testing for DNS leaks is almost similar to the previous leak test. Here, we are checking at the DNS servers instead of the IP addresses. So, here is how the process goes:

  • Disconnect your VPN, and then go to ipleak.org or browserleaks.com. Unless you have configured your device’s DNS settings, you should see your ISP’s DNS servers.
  • Now, log into your VPN and connect to a server of your choice. Once you have done that, go the same test page and refresh it to reveal the new DNS information.
  • Check the DNS server results. If it is the same as the previous test (your ISP’s DNS servers), then you know your VPN is leaking DNS requests.
02

How to Fix the Issue and Prevent Future DNS Leaks?

Because of the close similarity to IP leaks, testing for DNS leaks is almost similar to the previous leak test. Here, we are checking at the DNS servers instead of the IP addresses. So, here is how the process goes:

WebRTC leaks

Web Real-Time Communication is a useful tool that enables browsers to incorporate features that allow video and audio communication to work within web pages. Some applications that rely on WebRTC include Facebook Messenger, Google Hangouts, Amazon Chime, and Discord, among others. WebRTC usually uses clever techniques to figure out the right IP address to enable it navigate around firewalls, which might otherwise compromise real-time connection from taking place. While this tool can help to deliver content more quickly, there is a downside. WebRTC can leak your IP address, even when the VPN is turned on. That is why some people treat this tool as an obstacle to online privacy. The funny thing is that WebRTC leaks have nothing to do with how robust your VPN is, but mainly WebRTC shortcomings within your browser. Sadly, WebRTC is almost always enabled by default in most browsers, such as Mozilla, Chrome, and Opera. In fact, Chrome and Firefox have implemented WebRTC that let STUN (Session Traversal Utilities for NAT) servers return the local and public IP addresses for a particular user.

01

Testing for WebRTC Leaks

If you want to find out if you are affected by WebRTC leaks, follow the steps below to get a reliable answer:

  • Disconnect your VPN and make a note of your public IP address. Don’t worry about the local (internal) IP, as it isn’t personally identifiable information.
  • Next, log into your VPN and connect to a specific VPN server location. After that, refresh the browser page to return the new address.
  • Finally, check if the right public address is shown when the VPN is on. If that is the case, your VPN is leaking WebRTC.
02

How to Fix WebRTC Leaks and Prevent Future Occurrence?

The easiest way to resolve this flaw is to disable the WebRTC feature in your browsers. With the help of VPN browser extensions, you can disable the WebRTC functionality. But the best way to tackle the problem is to use a reliable VPN service. While WebRTC isn’t necessarily your VPN’s fault, some VPNs offer a WebRTC blocking feature.

IPv6 Leaks

Until recently, the whole internet relied on the Internet Protocol version 4 (IPv4) standard to classify IP addresses. An IPv4 address will look like ‘172.16.254.1′ (without quotes). Due to the unprecedented rise in internet use, this technology has so far been replaced by a new standard – IPv6. Unlike IPv4, IPv6 uses 128-bit internet address, which looks like 2001: 0db8: 0012: 0001: 3c5e: 7354:0000:5db1. Unfortunately, the vast majority of internet addresses still rely on the IPv4 standard, which can only support up to 32-bit web address. The adoption of IPv6 has been slow, mainly due to backward compatibility, upgrade costs, and sheer laziness. Consequently, the situation has forced websites that support the IPv6 standard to adopt a dual-tiered approach. Sadly, some VPN services were created only with consideration to protect your IPv4 address, so they may fail to direct the IPv6 traffic through the VPN tunnel. What it means is that when you connect to an IPv6 supported website, your browser will make the DNS request outside the VPN framework, which is mainly handled by your ISP. What you should also note is that IPv6 leaks cause both DNS and IP leaks.

01

How to Test for IPv6 Leaks?

  • The first thing to do is to check if you have an IPv6 address. Please note that some ISP offers may not have them.
  • To simplify the process, use either browserleaks.com or ipleak.org to test for leaks before you connect the VPN. Check the IPv6 Leak Test section. If an IPv6 address is detected, it will display.
  • Now, run the test once more with your VPN connection on and see if your real IPv6 address will reappear. If it does, then your VPN is leaking IPv6.
02

How to Fix and Prevent IPv6 Leaks?

There are two main ways to prevent IPv6 leaks from happening:

  • Enable the IPv6 leak protection feature in your VPN’s app settings. Doing this will block IPv6 traffic. But should be careful not to mess with other crucial settings. Please also note that some VPNs may not provide the feature.
  • If you can’t perform the above trick, then try to disable IPv6 at OS or router level. Check out the guide provided by your VPN before trying anything.
03

Important Tip:

Rather than blocking IPv6, it is better to pick a VPN service that supports it.

Conclusion

Based on the above exposition, it is obvious that no system is perfect. No matter how secure your VPN service is, always run some leak tests. Doing that is the only way to find gaps in your VPN armor, and consequently, seal the leaks before they expose you to the world. As with all things VPN, your best bet is to subscribe to a premium service from a reliable provider.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)