Are you trusting your VPN service to protect your privacy and security?
Most VPNs fail when it comes to protecting their users. The VPN checks and tests below are a basic outline for identifying problems.
It’s also important to note that various VPN features will frequently fail. This is especially the case with kill switches and various leak protection features, such as IPv6 leak protection.
Oftentimes, the VPN appears to be working fine on the surface, while leaving you exposed via leaks.
General leak testing procedures
Below are basic steps for identifying:
- DNS leaks
- IP address leaks (IPv4 and IPv6)
- WebRTC leaks
These basic instructions will help you identify problems with your VPN. However, to be 100% certain that your VPN is secure, you would need to analyze all traffic generated during these tests. You can do this by loading the testing sites while capturing traffic with tcpdump or WinDump, and then inspecting the capture for any leaks.
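One way to automate the capture analysis described above (an added example, not from the original article): the script reads `tcpdump -n` text output captured on the physical network interface and flags every packet that is neither tunnel traffic to the VPN server nor local-network traffic. The capture lines and addresses are constructed samples from documentation ranges, the function names are hypothetical, and the host is assumed to sit behind IPv4 NAT.

```python
import ipaddress
import re

# `tcpdump -n` text lines look like: "<time> IP|IP6 <src> > <dst>: <summary>"
LINE = re.compile(r"^\S+ IP6? (\S+) > (\S+): ")
# Destinations that stay on the local network (RFC 1918, link-local, multicast).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "224.0.0.0/4", "255.255.255.255/32", "fe80::/10", "fc00::/7", "ff00::/8")]

def split_endpoint(token):
    """Split tcpdump's 'addr.port' into (address, port); port is None for ICMP."""
    try:
        return ipaddress.ip_address(token), None
    except ValueError:
        addr, port = token.rsplit(".", 1)
        return ipaddress.ip_address(addr), int(port)

def find_leaks(lines, vpn_server):
    """Return (kind, destination) for each packet that bypasses the tunnel."""
    vpn = ipaddress.ip_address(vpn_server)
    leaks = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                      # ARP and other non-IP lines
        src, _ = split_endpoint(m.group(1))
        dst, dport = split_endpoint(m.group(2))
        if vpn in (src, dst):
            continue                      # encrypted tunnel traffic
        if any(dst in net for net in LOCAL_NETS):
            continue                      # LAN traffic, or inbound to a private address
        kind = "dns" if dport == 53 else "ipv6" if dst.version == 6 else "ipv4"
        leaks.append((kind, str(dst)))
    return leaks

# Constructed capture: VPN server 203.0.113.10, ISP resolver 198.51.100.53.
SAMPLE = [
    "12:00:01.000001 IP 192.168.1.20.51000 > 203.0.113.10.1194: UDP, length 120",
    "12:00:01.000002 IP 203.0.113.10.1194 > 192.168.1.20.51000: UDP, length 96",
    "12:00:02.000003 IP 192.168.1.20.40112 > 198.51.100.53.53: 4242+ A? example.com. (29)",
    "12:00:02.000004 IP6 2001:db8:1::20.44321 > 2001:db8:2::80.443: Flags [S], length 0",
    "12:00:03.000005 IP 192.168.1.20.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ipp._tcp.local. (32)",
    "12:00:03.000006 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28",
]

if __name__ == "__main__":
    for kind, dst in find_leaks(SAMPLE, "203.0.113.10"):
        print(f"{kind} leak -> {dst}")
```

The capture must be taken on the physical interface (not the tunnel interface) and with `-n`, so that addresses and ports stay numeric.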
Here are a few testing sites you can use to check for different leaks:
- ipleak.net (IPv4, IPv6, WebRTC, and DNS)
- Perfect Privacy IP check (IPv4 and IPv6)
- Perfect Privacy WebRTC check (WebRTC)
- Perfect Privacy DNS check (DNS)
- test-ipv6.com (IPv4 and IPv6)
- dnsleaktest.com (use extended test)
- BrowserLeaks WebRTC Test
- ipx.ac (IPv4, IPv6, WebRTC, DNS, browser fingerprinting and more)
Test for active leaks
To test for active leaks, simply connect to a VPN server and visit the test site. You are checking to see how the VPN performs when the tunnel is active and stable.
You should test different VPN servers and also different encryption protocols.
Test for reconnection leaks
Reconnection leaks are trickier because they are often brief. Here is a general procedure that may help to find reconnection leaks:
- Open a browser window and then load ipleak.net (or another test website) separately in numerous tabs.
- Simulate some kind of interruption with your VPN connection while also initiating the tests in rapid succession (loading the test website).
- Check every test result for a reconnection leak.
Reconnection leaks may last only an instant or up to several seconds.
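The reconnection procedure above can be scripted instead of reloading tabs by hand. The following is an added example, not from the original article: `poll` repeatedly asks a test site for the address it sees while you interrupt the VPN, and `leak_windows` reports the periods in which a non-VPN address was visible. The `probe` callable (whatever request you use to fetch your public IP), the function names and the sample timeline are assumptions made for illustration.

```python
import time

def poll(probe, duration, interval=0.2, clock=time.monotonic, sleep=time.sleep):
    """Call probe() every `interval` seconds for `duration` seconds.

    probe() returns the public IP a test site reports, or raises OSError
    when the request cannot leave the machine (kill switch holding).
    Returns a list of (elapsed_seconds, ip_or_None).
    """
    samples, start = [], clock()
    while (now := clock()) - start < duration:
        try:
            ip = probe()
        except OSError:
            ip = None                     # blocked traffic is not a leak
        samples.append((round(now - start, 3), ip))
        sleep(interval)
    return samples

def leak_windows(samples, vpn_exit_ips):
    """Group consecutive samples that show a non-VPN address into windows."""
    windows, current = [], None
    for t, ip in samples:
        if ip is not None and ip not in vpn_exit_ips:
            if current is None:
                current = {"start": t, "end": t, "ips": set()}
            current["end"] = t
            current["ips"].add(ip)
        elif current is not None:
            windows.append(current)
            current = None
    if current is not None:
        windows.append(current)
    return windows

# Constructed timeline: VPN exit 203.0.113.10, real address 198.51.100.7.
SAMPLES = [(0.0, "203.0.113.10"), (0.2, None), (0.4, "198.51.100.7"),
           (0.6, "198.51.100.7"), (0.8, None), (1.0, "203.0.113.10")]

if __name__ == "__main__":
    for w in leak_windows(SAMPLES, {"203.0.113.10"}):
        print(f"leak from {w['start']}s to {w['end']}s: {sorted(w['ips'])}")
```

A leak shorter than the polling interval can still be missed, so keep the interval small and repeat the interruption several times.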
When you use the testing site ipleak.net, it is fairly easy to identify leaks and problems, especially when you are connected to a VPN server outside your country. Note that the WebRTC leak test will show local IP addresses (usually beginning with 10.xxx or 192.xxx or sometimes an alphanumeric IPv6 address that is also local). These are not leaks, but rather your local IP addresses. If you see your real (public) IPv4 or IPv6 address under the WebRTC section, then these are indeed WebRTC leaks.
Below you can see that I redacted the IP addresses in red where I experienced leaks with a VPN Unlimited server in the UK.
With the test results above you find:
- IPv4 address from UK server, but my real IPv6 address below (leak).
- Local IP address on the left (redacted, not a leak), but my public IPv6 address on right (leak).
- IP address (DNS) from VPN server on left, but my internet service provider’s IP address on the right (DNS leak).
Now here are the test results when connected to a Perfect Privacy server in Dallas.
In the screenshot above you see:
- IPv4 and IPv6 addresses from the Perfect Privacy server
- Local IP addresses under WebRTC detection (no public IP addresses, no leaks)
- DNS addresses from Perfect Privacy servers (Perfect Privacy uses multiple DNS servers)
Note: The testing site is using international IP address databases (RIPE) for the location (which shows California in the example above). These location databases are not accurate and often outdated. To determine the true location of any VPN server, you need to ping the server from different worldwide locations using the steps in this guide. Based on my testing, all Perfect Privacy servers are in the stated location (including the Dallas server in the example above).
DNS leak test
The Domain Name System (DNS) is a system for converting domain names, such as restoreprivacy.com, into numerical IP addresses, such as 22.214.171.124.
Without a VPN, this translation process is handled by your internet service provider (ISP). But this is a very bad thing, because your DNS requests are clear text logs of every website you visit. Internet service providers log these requests of their users. In the United States, the data can be sold to advertisers that want to target you based on your browsing history. In the UK and Australia, the data is recorded and stored for up to two years and is available to authorities for whatever they want to do with it.
A DNS leak occurs when these translation requests leak out of the VPN tunnel, exposing the IP address (and location) of your ISP, as well as your browsing history. Many VPNs do not provide adequate DNS leak protection, which means your DNS requests are still going to your internet service provider.
- Perfect Privacy DNS Leak Test (This site seems to detect DNS leaks when other websites do not find problems. Below the test results you can also find a detailed explanation of DNS leaks.)
- IP/DNS Test at ipleak.net (This is another DNS leak test tool that also includes IP address leak results.)
Connecting to a VPN server outside your country makes detecting DNS leaks easier. You can see above there are two DNS requests leaking out while connected to a VPN server in the United States.
A DNS leak does not expose your IP address, but instead the IP address and location of your internet service provider (which can be linked back to you). Additionally, this exposes your browsing history (DNS requests).
Solution to DNS leaks: Find a VPN that uses its own secured, encrypted DNS resolvers. Below are three VPNs that use only their own secure DNS resolvers and did not have any leaks (based on my testing):
- Perfect Privacy (based in Switzerland; read review)
- VPN.ac (based in Romania; read review)
- ExpressVPN (based in the British Virgin Islands; read review)
You can also manually configure your DNS requests to use other third party options. Here’s a list of alternative DNS options from WikiLeaks.
IP address leak test (IPv4 and IPv6)
IP leaks are a major problem that many VPN users aren’t aware of. One study of Android VPN apps found that 84% of the VPNs leaked the user’s IP address.
IP address leaks are especially problematic with IPv6 addresses because each one is a globally unique address.
While many VPNs block IPv6 connectivity, this still isn’t a good solution given the growing use of IPv6. The best option is a VPN that offers full IPv6 support, thereby providing you with an IPv4 and IPv6 address.
Testing for IP address leaks with your VPN is relatively simple with the methods outlined above.
Solution for IP leaks: The best solution is to simply get a VPN that does not leak.
If you have IPv6 leaks, you can either manually disable IPv6 connectivity on every device you use with your VPN, or you can get a VPN that fully supports IPv6.
You can also create firewall rules for your devices to only allow internet connectivity through your VPN.
WebRTC leak test
A WebRTC leak test is important for anyone using Firefox, Chrome, or Opera browsers.
A WebRTC leak occurs when your IP address leaks out via WebRTC APIs. Here are three different WebRTC leak tests:
- Perfect Privacy WebRTC Test (This tool will test to see if you have a WebRTC leak, while also providing a detailed explanation of WebRTC leaks at the bottom of the page.)
- BrowserLeaks WebRTC Test (Another WebRTC test that works well, also includes helpful WebRTC information.)
Solution for WebRTC leaks: Aside from the obvious solution of using a good VPN that doesn’t leak, you can also disable WebRTC in your browser.
VPN speed test
If you’re looking to test VPN speed, here are two options:
What affects VPN speed?
There are many factors affecting speed that you should consider when testing. Here are a few:
- Distance between you and the VPN server – This is usually the biggest factor affecting speed. The further the distance, the slower the speed.
- Number of users on the VPN server – With so many VPNs over-selling their services, “popular” VPNs often have overloaded servers which results in slow speeds and dropped connections. Look for a VPN that provides a server status page with real-time bandwidth information. Two examples of this are VPN.ac (see VPN Nodes Status at the top of the page) and Perfect Privacy’s server status page.
- Regional bandwidth restrictions – Many countries have poor bandwidth infrastructure, which will limit your speed, regardless of how fast your ISP or VPN server is. A few examples of this are Germany and Australia. Another regional consideration is how many people are online at a given time of the day. High usage times can slow down speeds for everyone.
- Internet Service Provider – No matter how fast a VPN server is, it won’t be faster than the speed provided by your ISP. The only exception to this rule is if your ISP is throttling (limiting) your bandwidth. They sometimes do this if you’re doing something they don’t like (such as torrenting). A VPN can potentially help with this issue by encrypting your connection and hiding your online activity from your ISP.
- Processing Power – Whenever you’re using a VPN, your computer is working in the background to encrypt and decrypt packets of information. This takes processing power. The faster your internet speed when using a VPN, the more processing power is needed. So even if your ISP and VPN are fast, your CPU may be limiting your full speed potential (but this mainly applies to very high speeds).
If your VPN is failing these tests, you have two options:
- Work with the VPN support department to try to patch or fix the issues; or
- Get a high quality VPN that won’t leak.
If you want to save yourself the time, money, and hassle, go with a high-quality VPN service that doesn’t leak.