privacy

Is my VPN leaking? DNS and WebRTC leak test

Test WebRTC leaks and public IP visibility for your VPN.

ShareWhatsAppX

IP and WebRTC checks run in your browser. DNS leaks need a dedicated external test.

Solutions that can help in your case

How the VPN leak test works

The test has two layers. First it checks your public IP via independent sources (ipify and ipapi) — the address websites see right now. With a healthy VPN, that should be the VPN server IP, not your home ISP address.

Next, the browser builds a WebRTC connection using STUN servers. WebRTC powers video calls, Discord, and some games. It can expose real IPs over P2P paths that sometimes bypass the VPN. Results are labeled as possible leak, no obvious public leak, inconclusive (common with mDNS), or error.

How to run the test in 4 steps

  1. Connect: Enable your VPN and pick a server.

  2. Check IP: Run the test and confirm the public IP changed.

  3. Check WebRTC: See whether real public IPs appear or only local ones.

  4. Act: If it leaked, fix kill switch and WebRTC, then test again.

Is my VPN leaking IP, DNS, or WebRTC?

Many people enable a VPN, see a “connected” badge, and assume they are protected. In practice, IP and WebRTC leaks are common: the UI says you are on, while the browser still exposes your real address to calls, ads, or P2P apps.

That matters on public Wi-Fi, while traveling, for remote work, or anyone who does not want their ISP mapping every visit. This page aims for an honest diagnosis — including when the result is inconclusive.

Practical tips to actually stay protected

  • Always enable the VPN kill switch before sensitive browsing — if the VPN drops, traffic should not fall back to the ISP.
  • Disable or restrict WebRTC in the browser (or use a trusted extension) if you care about real IP exposure on calls.
  • Pick VPN servers in the country/region you need; re-test after every server change.
  • Do not trust the extension icon alone: run this test and a dedicated DNS test such as dnsleaktest.com.
  • Avoid sketchy “free” VPNs with opaque logging; if the product is free, you may be the product.
  • Keep the VPN app and browser updated; old leak bugs still show up on stale builds.
  • On public Wi-Fi, connect the VPN before opening email, banking, or social apps.
  • If you see a leak, reconnect, try another protocol (WireGuard/OpenVPN), and test again.

What an IP leak is and why it matters

Your public IP identifies your connection on the internet. It can approximate location and ISP, and combined with cookies it feeds tracking profiles. A well-configured VPN replaces that IP with the provider’s server address.

A leak means some network layer still uses your real IP while the VPN claims to be connected — bad routes, ISP DNS, or WebRTC opening a side path. Most people never notice without an explicit test.

WebRTC: the quiet leak path

WebRTC enables real-time browser communication. To find network paths it queries STUN and may expose local and sometimes public IPs — even with a VPN on.

This test gathers ICE candidates and lists seen IPs. Private ranges (10.x, 192.168.x, 172.16–31.x) are normal at home. Public IPs matching the API IP are a strong leak signal.

Honest limits of this test

We do not reliably detect DNS leaks client-side. Use specialized DNS tools for that. We also do not fully audit IPv6 on every browser or the VPN vendor’s logging policy.

The value is speed and clarity: in seconds you know whether your public IP changed and whether WebRTC is shouting your real address.

How to read each status

Leak: WebRTC showed the same public IP as the API — treat as an alert; fix kill switch / WebRTC.

Safe (no obvious public leak): only private IPs or expected patterns. Still re-test after network changes.

Inconclusive: no public candidates (mDNS) or public IPs that do not match the API — verify with other tools.

Error: IP APIs failed or the browser blocked the test; check connectivity and retry.

When a reputable paid VPN is worth it

If you rely on privacy daily — remote work, travel, hotel Wi-Fi, or simply less tracking — pick a provider with a proven kill switch, clear no-logs stance, and stable servers where you need them. NordVPN and Surfshark are widely tested; always validate with this page after you connect.

VPN leak FAQ

Domain lookups still go through your ISP DNS instead of the VPN’s DNS, so third parties can see which hostnames you resolve even if traffic is tunneled. This tool focuses on IP and WebRTC; use dnsleaktest.com for DNS.