How to Check if My VPN is Working


The increase in conversations about data security and online privacy has led to the popularity of virtual private networks (VPNs). Companies and individuals alike use VPNs to provide a shield for their IP addresses, secure data, and online activities. While a VPN can undoubtedly help when used properly in conjunction with browsers and operating systems, not all are perfect if the operator is not paying attention.

To ensure your VPN can do its important job well, you must be able to confirm you are not experiencing IP address or domain name service (DNS) leaks. If you do discover an IP leakage, you should know how to stop it.

A breakdown of IP address and DNS functions

If your device, be it a mobile phone, laptop, or PC, is connected to a network of any kind, it is identified by its IP address. Servers can contain many websites and assign each site its own unique identifier. The server uses IP addresses as the identifiers for sites and often different folders to organize all the information.

It would be impossible for us to remember so many numbers to access the endless sites available online, so a DNS server is used to translate the memorable name of a website into the appropriate numbers. As you type in a web address (URL), a translation must occur to change the URL into the IP address and destination folder the server uses to identify the website.

The process the DNS server goes through to translate and return information to load a web-page is called DNS resolution. Browser configuration, operating system, proximity, HOSTS files, and more all play a role in deciding which DNS server will process the request.

VPNs and the DNS Resolution Process

In an ideal world, the DNS resolution would occur on the servers created by your VPN provider. However, this is not necessarily the case, and it creates a scenario where your IP address is vulnerable to leaks.

If the DNS resolution is occurring on a server that is not run by your VPN provider, your IP address could be discovered as the original IP requesting the process. If this happens, then the entire advantage of using a VPN for anonymous browsing and privacy is lost.

Information must be encrypted from your system to the DNS server, to the VPN and back for a VPN to work appropriately. If the possibility of infiltration anywhere along the way exists, your VPN is rendered useless and your privacy is at risk. Preventing IP address leaks is imperative to keeping your VPN working.

Detecting a leak

There is a multitude of causes and types of leaks to discuss, but you should know how to discover if your system is experiencing one first.

The most efficient and simplest way to discover a leak is by using one of the many websites with services to test your system. These sites will check for both DNS or IP address leaks. The process is easy.

First, you should disconnect your VPN and connect to the website you will use to run the test. The site should show your actual IP and DNS server addresses. Exit the site and reconnect your VPN. Return to the testing site, refresh as necessary, and see if the same IP address is displayed.

If the site shows the same IP address and/or DNS server as when you had your VPN disconnected, you have a problem with privacy leaks. There are several common causes of these type of leaks. Fortunately, there are also solutions.

Leaks originating from browser vulnerabilities

Browser vulnerabilities are the most common types of IP leaks. Many involve browsers that use WebRTC application program interfaces (API). These APIs are convenient as they allow you to use chat features and file sharing without additional plugins or browser extensions.

Unfortunately, these browsers that run WebRTC (including popular ones like Chrome and Firefox) use vulnerable servers to get network addresses. This allows websites to hide certain lines of code that will display your actual IP address as the request to the server is made.

A leak of this nature can expose your IP address or your VPN IP address. Making things even more problematic is the fact that browser plugins claiming to prevent a leak often cannot. There is hope for protecting against a browser issue causing a leak.

Setting up firewall rules that indicate any request outside your VPN should be blocked can help. In addition, you should disable the WebRTC functionality in the privacy settings section of your browser.

Leaks occurring at the VPN

When choosing your VPN, make sure it includes secure DNS resolution on a server configured by the provider. Simply put, there is no good reasoning for using a VPN that does not offer this service. Using the DNS server your internet provider offers renders the VPN close to useless for privacy purposes.

However, your VPN service provider could be the source of the leak itself. Check to make sure your VPN is supporting IPv6 protocols. Otherwise, it is likely supporting the antiquated IPv4 protocol and creates an opportunity for an IP address leak.

Websites that support IPv4 protocol and not IPv6 would be safe to visit with a VPN that uses IPv4. If a site supports the newer IPv6 and your VPN does not you suddenly become at risk that your IP address gets exposed. The VPN will connect, but the encryption will not occur, meaning all your information is now being sent unencrypted. Suddenly, your IP address is exposed even with your VPN connected.

With a little research when choosing your VPN, you can easily avoid a leak in your VPN. The VPN should offer a DNS server that protects against leaks. It should support IPv6 or offer the possibility to disable it at a minimum.

It is possible to manually disable IPv6 to ensure your VPN encryption does not fail when accessing sites that support both IPv4 and IPv6. Finding a VPN that provides the previous protections is a much better option than this workaround.

Operating system leaks

Windows operating systems have a unique vulnerability to DNS leaks. This is problematic as many people use Windows at home or work. Using a VPN may not be protecting you if you are using Windows.

Operating systems create an order of priority for DNS resolution. HOST files, network connection configured servers, then NetBIOS is the typical hierarchy. Once a DNS server can finish the resolution, no other servers are contacted.

Windows 10 uses a different tactic. It sends the request to all available DNS servers and whichever responds first takes care of getting you to the appropriate web-page. This creates a problem if the server your ISP uses responds before the one your VPN does. If any server aside from the protected VPN server responds, your IP address becomes accessible.

Windows also uses Teredo tunneling to access IPv6 supported websites with hosts that only have the IPv4 network. This can lead to the same leaks discussed earlier as your VPN will not encrypt the traffic with these connections.

Aside from using a different operating system, there are some ways to prevent these leaks. First and foremost, disable the Teredo tunneling feature in your system settings. Additionally, you could disable the smart multi-homed name resolution feature if using Windows 10. This will eliminate the “whoever responds first gets the worm” scenario and keep your traffic headed to your VPN server.

Verify that your VPN is working

Many people want a VPN for privacy and keeping their online anonymity. This benefit can be made ineffective by a simple missed leak in the process. It is important to be diligent and ensure your VPN is working to its maximum potential.

You should expect your VPN to do its job, but it is important to remember that other system-related factors could inhibit it. Spend some time checking for leaks, resolving them, and preventing them moving forward to enjoy a positive web browsing experience.