Are you trusting your VPN service to protect your privacy and security?
Be careful. Most VPNs fail when it comes to protecting their users. That’s why it’s important to extensively test your VPN for problems using the methods outlined below.
Many VPNs will appear to be working fine when the connection is active and everything is stable. But oftentimes VPNs will leak during brief network interruptions.
Everything may seem fine on the surface, but your VPN may be leaking your data and exposing your identity.
General leak testing procedures
Below are basic instructions for identifying:
- DNS leaks
- IP address leaks (IPv4 and IPv6)
- WebRTC leaks
These basic instructions should allow you to identify problems with your VPN. However, a more accurate method would be to analyze all network traffic for leaks using tcpdump or WinDump. (But this guide is designed for general users who don’t want to analyze traffic.)
Here are a few testing sites you can use to check for different leaks:
- ipleak.net (IPv4, IPv6, WebRTC, and DNS)
- Perfect Privacy IP check (IPv4 and IPv6)
- Perfect Privacy WebRTC check (WebRTC)
- Perfect Privacy DNS check (DNS)
- test-ipv6.com (IPv4 and IPv6)
- dnsleaktest.com (use extended test)
- BrowserLeaks WebRTC Test
- ipx.ac (IPv4, IPv6, WebRTC, DNS, browser fingerprinting and more)
I like to use ipleak.net as a general all-in-one testing site (created by AirVPN) along with the different Perfect Privacy test tools.
Another good all-in-one option is ipx.ac, which was created by VPN.ac.
Test for active leaks
To test for active leaks, simply connect to a VPN server and visit the test site. You are checking to see how the VPN performs when the tunnel is active and stable.
You should test different servers and also different encryption protocols.
Test for reconnection leaks
Reconnection leaks are more tricky because oftentimes they are brief. Here is the general procedure:
- Open a browser window and then load ipleak.net (or another test website) separately in numerous tabs.
- Simulate some kind of interruption with your VPN connection while also initiating numerous tests (loading the test website).
- Check every test result for a reconnection leak.
If your VPN is leaking during reconnection this method should reveal that issue.
DNS leak test
The Domain Name System (DNS) is a system for converting URLs, such as restoreprivacy.com, into a numerical IP address, such as 205.251.197.66. This translation process is normally handled by your internet service provider (ISP), except if you’re using a VPN service. A DNS leak occurs when these translation requests leak out of the VPN tunnel, exposing the IP address (and location) of your ISP, as well as your browsing history.
Testing sites:
- Perfect Privacy DNS Leak Test (This site seems to detect DNS leaks when other websites do not find problems. Below the tests results you can also find a detailed explanation of DNS leaks.)
- IP/DNS Test at ipleak.net (This is another DNS leak test tool that also includes IP address leak results.)
Connecting to a VPN server outside your country makes detecting DNS leaks easier. You can see above there are two DNS requests leaking out while connected to a VPN server in the United States.
A DNS leak does not expose your IP address, but instead the IP address and location of your internet service provider (which can be linked back to you). Additionally, this exposes your browsing history (DNS requests).
Solution to DNS leaks: Use a VPN that uses its own secured, encrypted DNS system. Two VPNs that use their own secured DNS system are:
- Perfect Privacy (based in Switzerland; read review)
- VPN.ac (based in Romania; read review)
You can also manually configure your DNS requests to use other third party options. Here’s a list of alternative DNS from WikiLeaks.
IP address leak test (IPv4 and IPv6)
IP leaks are a major problem that many VPN users aren’t aware of. One study of Android VPN apps found that 84% of the VPNs leaked the user’s IP address.
IP address leaks are especially problematic with IPv6 addresses because this is a globally unique address.
While many VPNs block IPv6 connectivity, this still isn’t a good solution given the growing use of IPv6. The best option is a VPN that offers full IPv6 support, thereby providing both an IPv4 and IPv6 address when you use the VPN server.
Never trust “leak protection” features without testing. Here is one result from the PureVPN review:
Testing for IP address leaks with your VPN is relatively simple with the methods outlined above.
Test sites:
Solution for IP leaks: The best solution is to simply get a VPN that doesn’t leak.
If you have IPv6 leaks, you can either manually disable IPv6 connectivity on every device you use with your VPN, or you can get a VPN that supports IPv6.
You can also create firewall rules for your devices to only allow internet connectivity through your VPN.
WebRTC leak test
A WebRTC leak test is important for anyone using Firefox, Chrome, or Opera browsers.
A WebRTC leak occurs when your IP address leaks out via WebRTC APIs. Here are three different WebRTC leak tests:
- Perfect Privacy WebRTC Test (This tool will test to see if you have a WebRTC leak, while also providing a detailed explanation of WebRTC leaks at the bottom of the page.)
- BrowserLeaks WebRTC Test (Another WebRTC test that works well, also includes helpful WebRTC information.)
- ipleak.net
Solution for WebRTC leaks: Aside from the obvious solution of using a good VPN that doesn’t leak, you can also disable WebRTC in your browser.
VPN speed test
If you’re looking to test VPN speed, here are two options:
What affects VPN speed?
There are many factors affecting speed that you should consider when testing. Here are a few:
- Distance between you and the VPN server – This is usually the biggest factor affecting speed. The further the distance, the slower the speed.
- Number of users on the VPN server – With so many VPNs over-selling their services, “popular” VPNs often have overloaded servers which results in slow speeds and dropped connections. Look for a VPN that provides a server status page with real-time bandwidth information. Two examples of this are VPN.ac (see VPN Nodes Status at the top of the page) and Perfect Privacy’s server status page.
- Regional bandwidth restrictions – Many countries have poor bandwidth infrastructure, which will limit your speed, regardless of how fast your ISP or VPN server is. A few examples of this are Germany and Australia. Another regional consideration is how many people are online at a given time of the day. High usage times can slow down speeds for everyone.
- Internet Service Provider – No matter how fast a VPN server is, it won’t be faster than the speed provided by your ISP. The only exception to this rule is if your ISP is throttling (limiting) your bandwidth. They sometimes do this if you’re doing something they don’t like (such as torrenting). A VPN can potentially help with this issue by encrypting your connection and hiding your online activity from your ISP.
- Processing Power – Whenever you’re using a VPN, your computer is working in the background to encrypt and decrypt packets of information. This takes processing power. The faster your internet speed when using a VPN, the more processing power is needed. So even if your ISP and VPN are fast, your CPU may be limiting your full speed potential (but this mainly applies to very high speeds).
Got leaks?
If your VPN is failing these tests, you have two options:
- Work with the VPN support department to try to patch or fix the issues; or
- Get a high quality VPN that won’t leak.
If you want to save yourself the time, money, and hassle, go with a high-quality VPN service that doesn’t leak.
I have pure VPN and with a few exceptions I find it pretty good. I am not sure what it is related to, but there are some DNS leaks with it dependant upon the test. PureVPN seems to pass all tests you throw at it from your blog, except the DNS tests. It passed DNS leaks across 4 other web sites showing google in chile. However, on your DNS leak tets 4 of the listed addresses were not mine, but the IP of my service provider. What does that mean? I have not run into any blocked sites of yet, and have been using it for some time. I know that there are a few sites that rank it as pretty good, as not being in one of those 14 nations. I just wanted to know what those DNS leaks meant where they were not detected on DNS leak test or some others but were found on yours. Thanks.
Hi John. When you run a DNS leak test and see the IP address of your internet service provider, that means your DNS requests are leaking out of the VPN tunnel and being handled by your ISP. A DNS request is just a simple translation that converts a regular website URL into an IP address. Without a VPN, your ISP will handle all of these requests when you visit various websites. This is an easy way for ISPs to monitor and record every website you visit. It also is a privacy issue because when these requests are leaking it can be traced back to your location and internet service provider (and essentially you). So this is bad from a privacy standpoint.
The test results may vary depending on which testing website you are using, which VPN apps, operating system, settings, and other variables. You can manually change/configure your operating system to use some other DNS, but you definitely don’t want to be having these DNS leaks with your ISP. For a nice overview on the DNS issue, VPN.ac put together a good article here.
ive got hide.me VPN Android have you tested this vpn they have a windows version also its got good ratings in a few vpn reviews
Hi John, no I have not tested it yet – but hopefully in the next few months.
Have you tested 360 Total security Turbo VPN comes with 360 total security Windows
Hi John, no I have not tested it. But from what I can find all of the products you mentioned (360 Total Security and its Turbo VPN) are offered by Qihu 360 – a Hong Kong company. Looking at Qihu 360’s Privacy Policy, I find they are collecting extensive amounts of data from their users, including all browsing history, devices, and personal information. So from a privacy perspective, I would not personally stay away from this company and all of their products.
thanks for feedback i decided to use virus total the 360 security app android result scan was 4 out of 60 detected one being a trojan spy Jiangmin . opened my eyes a bit
Yep, lots of Android VPN apps contain malware and tracking. Good job testing it out with VirusTotal.
You particularly point out PureVPN which I had recently purchased. I have a knowledge of an average computer user.
I read that you can use the OpenVPN client and just use the PureVPN servers. This will essentially remove the PureVPN software from the equation. Would this solution work?
One troubling aspect I do encounter when I use Pure VPN is that it seems some websites block PureVPN server addresses because I guess their users are known for unscrupulous activity? I just want to maintain my privacy and security, that’s all.
Can you recommend anything I can do?
Hi Johnson, you can definitely use third party OpenVPN clients, but I suspect you will still have problems. The DNS leaks, for example, are a problem with the server network and the way it’s configured. When I pointed this problem out, PureVPN’s “solution” was to use Google DNS. Well that puts your data in the hands of Google – the opposite of privacy. The IP leaks are likely a network and software issue – but you can test it out to see. One great option is Viscosity, which works on Windows or Mac. You can try it free for 30 days, after that you’ll need to buy the license for $9 (lifetime). Free clients include Tunnelblick (Mac OS) and OpenVPN GUI (Windows).
Regarding blocked websites, you are correct – that’s usually caused by spammers using the VPN, and then those IP addresses getting banned. The only solution here is to find another server. You may want to cut your losses and go with another provider, but you can test out PureVPN with the third party clients first to see how well it works.