Data leaks happen when your virtual private network or web browser fails to protect your privacy. It means that your real IP address is exposed to your Internet Service Provider, so your browsing activity is compromised.
If you are downloading illegal torrents, for instance, your ISP can send you a warning, throttle your bandwidth or even contact the local authorities to report you. If your anonymity is put in jeopardy by a VPN connection drop while you’re using a public, insecure Wi-Fi hotspot, your credit card information, personal photos, work documents, and other sensitive files can get stolen by hackers.
Regularly check your VPN connection for IP leaks
Therefore, it’s crucial to frequently verify your VPN connection for data leaks and resolve any errors as soon as possible. In this article, we are showing you not only how to run tests for IPv4/IPv6, DNS and WebRTC leaks, but also how to stop them from happening.
This is essential for continuously protecting your online anonymity without fearing that you will become the victim of criminal activities, like hackers trying to run man-in-the-middle attacks and steal your sensitive data.
An IP address represents the online identity associated with your router, used for exchanging data packets with other computers over the Internet. Since it’s possible for anyone to pinpoint your exact physical location on the world map by analyzing your IP address, people concerned with their online privacy and security have resorted to VPN services for cloaking their location by receiving a fake IP address.
IPv4 addresses have the 127.0.0.1 format and are assigned to most devices with an Internet connection. Meanwhile, IPv6 addresses have a longer format, such as 0:0:0:0:0:ffff:7f00:1, and are slowly growing in numbers. The problem is that some VPN services aren’t fully compatible with IPv6 addresses, so they might inadvertently leak your data.
DNS servers are used by computers to translate hostnames (like FindYourVPN.com) into IP addresses so they can be understood by other devices. Just like IP addresses, DNS servers are provided by ISPs, too, but it’s not mandatory to use your ISP’s DNS configuration, thanks to the fact that there are many free, public and secure DNS addresses available on the web.
A good VPN application not only masks your IP address by replacing it with a fake one but also drops the DNS servers supplied by your ISP in favor of its own DNS addresses. If it fails to do this, it means that the VPN service is exposing the hostnames of the domains you’re using to your ISP, thus compromising your privacy.
WebRTC is an open-source project developed to facilitate real-time audio and video communication between web browsers and mobile apps. However, it unintentionally delivers a huge blow to VPN users because it can easily expose real IP addresses with the help of the web browser. This is what is known as a WebRTC leak.
In fact, WebRTC can reveal not only your real IP address but also your local address that should normally be accessible to your internal network alone. To make things clear, WebRTC leaks don’t happen due to a problem with the VPN client, but with the web browser and any application which uses browser functionality, like Facebook Messenger, Discord and Amazon Chime.
Why do IP leaks happen in the first place
There are multiple reasons why your Internet connection might be leaking your real IP address to visited websites. For example, if WebRTC is enabled in your web browser, then you must definitely take all the necessary steps for disabling it, whether you want to do this yourself by tinkering with the built-in browser settings or request the help of a browser addon that automatically takes care of this problem for you. Other reasons for IP leaks include:
IPv6 requests ignored by the VPN service
The ISP is in charge of assigning an IP address to your router. Most broadband providers implement IPv4 addresses because they are more popular than IPv6, but there’s a possibility that you might end up with an IPv6 address if this is what you want.
An independent study conducted in 2015 demonstrated that 10 out of 14 VPN providers leak IPv6 addresses. Unfortunately, most VPN services have not yet integrated support for IPv6 addresses, which means they will automatically ignore any IPv6 requests to establish a secure Internet connection. Subsequently, your real IPv6 address will be unintentionally exposed due to this incompatibility.
DNS leaks made by IPv6 configuration issues
When you are associated with an IPv6 address, you have to configure all your devices with an Internet connection in such a way that they all become compliant with IPv6. But this task is rather difficult to accomplish if you don’t turn to the help of a specialist.
Further, you must get in touch with your ISP to get permission for enabling IPv6 on your network, and some of them are not willing to do this. Otherwise, if IPv6 is not properly configured on all Internet-based devices, you will be in danger of exposing your real DNS to the outside world.
DNS leaks made by transparent DNS proxies
In an effort to stop casual users from using their own DNS servers and protecting their online privacy, some Internet Service Providers have implemented transparent DNS proxies. This technology is designed to intercept DNS requests and redirect them to the ISP’s preferred DNS servers. Other types of actions that can be done with the help of transparent DNS proxies are caching and redirection.
How to check for IP leaks
Here’s how you can easily test your Internet connection for IP leaks with the aid of online services:
- Without encrypting your connection, go to a website like IPLeak and take note of your real IPv4, IPv6, and DNS addresses
- Launch your VPN service, connect to any server, and verify that you have successfully connected
- Go back to the same website you used before to take note of the current IPv4, IPv6 and DNS addresses. If they are the same as before, then your VPN service is leaking data somehow. Otherwise, it works fine.
- If there’s ANY IP address shown at WebRTC detection, it means that you have to configure your browser to disable WebRTC (more on this later)
Note: If you want to be 100% sure about the test results, perform these tests on multiple online services, in case any of them is not working properly.
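The before/after comparison from the steps above can be automated once the addresses are copied from the test page. This is an added example, not part of the original article: the function name, the snapshot layout and all sample addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

def _normalize(addresses):
    """Parse address strings so differently written forms compare equal."""
    parsed = set()
    for text in addresses:
        try:
            parsed.add(ipaddress.ip_address(text.strip()))
        except ValueError:
            continue  # skip placeholders such as "n/a" copied from the page
    return parsed

def find_leaks(baseline, with_vpn):
    """Compare a snapshot taken without the VPN to one taken with it.

    Each snapshot is a dict with optional keys "ipv4", "ipv6", "dns" and
    "webrtc", each a list of address strings. Returns {category: [leaked]}.
    """
    leaks = {}
    for category in ("ipv4", "ipv6", "dns"):
        before = _normalize(baseline.get(category, []))
        after = _normalize(with_vpn.get(category, []))
        still_visible = before & after  # same address with and without VPN
        if still_visible:
            leaks[category] = sorted(str(a) for a in still_visible)
    # Per the checklist: ANY address shown at WebRTC detection is a leak.
    webrtc = _normalize(with_vpn.get("webrtc", []))
    if webrtc:
        leaks["webrtc"] = sorted(str(a) for a in webrtc)
    return leaks

# Constructed sample snapshots (RFC 5737 / RFC 3849 documentation addresses).
BASELINE = {
    "ipv4": ["203.0.113.45"],
    "ipv6": ["2001:db8:0:0:0:0:0:1a"],      # long form, as some pages print it
    "dns": ["203.0.113.1", "203.0.113.2"],  # resolvers seen without the VPN
}
WITH_VPN = {
    "ipv4": ["198.51.100.7"],               # changed: IPv4 is tunnelled
    "ipv6": ["2001:db8::1a"],               # same address, compressed form
    "dns": ["198.51.100.53", "203.0.113.2"],
    "webrtc": ["192.168.1.20"],
}

if __name__ == "__main__":
    for category, addresses in find_leaks(BASELINE, WITH_VPN).items():
        print(f"LEAK {category}: {', '.join(addresses)}")
```

Parsing the addresses before comparing matters for IPv6: the same address can be printed in long or compressed form, and a plain string comparison would miss the leak.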
How to stop IP leaks
If your Internet connection is exposing your real IP address, it’s not the end of the world since the problem can still be fixed. Besides regularly checking your connection for IP, DNS and WebRTC leaks, you can look into the following solutions:
1. Don’t use a free VPN
As tempting as it may sound to use free VPN services, you’re actually better off if you get equipped with a premium application. The fact of the matter is that there is no VPN company out there willing to provide you with top-notch privacy and security for free. Maintaining high-quality VPN features is really expensive, and anyone trying to prove you differently is just lying to your face.
You may not have to pay for the so-called “free” VPN service with money, but you are unwillingly giving the company something more valuable: details about your browsing activity that can be used to put together a personalized profile and sell it to marketing companies. Needless to say, you shouldn’t put faith in a free VPN provider when it comes to data leaks.
2. Use custom DNS servers
As previously mentioned, DNS servers are also provided by your ISP, just like your IP address. If you employ the services of a VPN service, it should also have its own database of DNS servers to use as the preferred DNS configuration. But it’s not the end of the world if the VPN app lacks this feature. Instead, you have to take matters into your own hands.
There are many free and secure DNS servers that you can manually assign to your VPN service, assuming that it has a special settings page dedicated to custom DNS addresses. These are some popular solutions that you can try out:
| Provider | Preferred DNS (IPv4) | Alternate DNS (IPv4) | Preferred DNS (IPv6) | Alternate DNS (IPv6) |
|---|---|---|---|---|
| Google Public DNS | 8.8.8.8 | 8.8.4.4 | 2001:4860:4860::8888 | 2001:4860:4860::8844 |
| Comodo Secure DNS | 8.26.56.26 | 8.20.247.20 | – | – |
3. Use DNSCrypt to prevent DNS spoofing
If you want to further protect your DNS server configuration, you can turn to DNSCrypt to stop hackers from attempting to perform man-in-the-middle attacks using your DNS addresses. DNSCrypt has multiple implementations available for various operating systems and platforms, such as Windows, macOS, Linux, Android, iOS, BSD and OpenWrt/LEDE.
4. Stop transparent DNS proxies with OpenVPN
Your VPN app should have integrated support for blocking transparent DNS proxies initiated by your Internet Service Provider. If there are no clear indicators for this, you can try contacting customer support to request assistance in this matter.
If this feature doesn’t exist, though, your VPN service should have support for the OpenVPN protocol. Firstly, make sure to update OpenVPN to the latest version. Secondly, visit the installed directory of OpenVPN to find the config subdirectory and open the .conf or .ovpn file of the server you want to establish a connection to. Once you have opened the targeted file, add block-outside-dns as a new line.
5. Block non-VPN traffic with IP binding or system firewall
IP binding represents a VPN feature that permits the application to block all remote access points trying to reach your computer via the Internet, not just traffic routed through the VPN. You can look for this feature in the preferences page of the VPN app. Otherwise, consult the help manual or get in touch with the support team to ask for assistance.
If the VPN service cannot help in this matter, then you can manually block non-VPN traffic using the Windows 10 Firewall:
- Stay connected to your VPN application
- Click the Start button or press the Win key and type firewall, then click Firewall & network protection to open a new window
- Find and click Advanced settings, then click Yes if prompted by User Account Control (UAC)
- Select Inbound Rules from the list on the left side of the window, then click New rules on the right side to open a new window
- Select Program from the list on the left, then select All programs and click Next
- In the next wizard step, select Block the connection and click Next
- Leave Domain and Private selected but deselect Public before clicking Next
- Write a Name for the new rule and click Finish
- Once you return to the Advanced Security panel, click Outbound Rules from the left side and go through the same steps as for Inbound Rules
6. Use a VPN kill switch
Internet connections fail all the time, and this can even happen when you use a VPN application. If the tool is not equipped with a kill switch, you are in danger of having your IP address exposed as soon as the VPN connection drops, thus compromising your privacy.
The role of a kill switch is to automatically terminate all Internet connections as soon as the VPN starts experiencing connectivity issues. This way, your IP address remains secured until you reconnect to the VPN. Check out the settings of your VPN application and make sure there’s a kill switch option and that it’s activated.
7. Disable WebRTC
As we previously discussed, WebRTC is a technology that unintentionally leaks your real IP address. It’s built into any web browser and any software application that uses web browsing features, like Facebook Messenger. This means that, even if you’re connected to a VPN service, you will expose your real IP address every time you use a web browser to go online or a desktop client like Facebook Messenger to talk to your friends.
On the bright side, since it’s a web browser option, it means that it can be deactivated. Unfortunately, WebRTC cannot currently be disabled at the router level, so you have to manually do this yourself, depending on which web browser you use.
8. Switch to a different VPN provider
If your favorite VPN app is leaking your IP address, we’re sorry to say that it’s simply not working the way it should. However, before deciding to buy another premium VPN service, contact customer support to let them know about this problem (perhaps it’s something temporary).
The following VPN applications include some form of leak protection, and they are listed by rating (based on our recommendations). Please don’t hesitate to check them out:
- ExpressVPN: Options -> Advanced tab -> Prevent IPv6 address detection while connected and Only use ExpressVPN DNS servers while connected
- CyberGhost VPN: Settings -> Connection -> DNS Leak Protection
- NordVPN: Settings -> General -> Custom DNS
- PureVPN: Preferences -> Advanced Options -> Security -> Only use PureVPN DNS servers while connected and IPv6 Leak Protection
- IPVanish: Settings -> Connection -> Kill Switch -> Enable IPv6 Leak Protection and Enable DNS Leak Protection
- Ivacy: Settings -> General -> IP/DNS leak protection
- Private Internet Access: Settings -> Network -> Name Servers
- VyprVPN: Options -> DNS -> DNS and DNS Leak Prevention
- Private VPN: Advanced -> Connection Guard tab -> IPv6 Leak Protection and DNS Leak Protection
Your real IP address might be occasionally exposed to the public Internet. When this happens, you will risk exposing your true identity to visited websites. This is why it’s important to regularly check your Internet connection for IP leaks, take all the necessary precautions to stop this from happening again, as well as opt for a VPN application which comes with its own settings for preventing data leaks.