IPFYI
🛡️ VPN & Online Privacy 8 мин. чтения

IP Leak Testing: WebRTC, DNS, and IPv6 Leaks

Learn how IP leaks undermine VPN privacy and how to test for WebRTC, DNS, and IPv6 leaks to ensure your real IP stays hidden.

What Is an IP Leak?

An IP leak occurs when your real IP address is exposed despite being connected to a VPN. This defeats the primary purpose of the VPN and reveals your true identity and location to websites, trackers, and potential adversaries.

There are three main types of leaks: WebRTC, DNS, and IPv6.

WebRTC Leaks

WebRTC (Web Real-Time Communication) is a browser API used for voice calls, video chat, and peer-to-peer file sharing. It requires discovering your real IP addresses (including local IPs) to establish direct connections. Unfortunately, WebRTC can bypass your VPN and expose your real IP:

// WebRTC leak demonstration (simplified)
// A website can create an RTCPeerConnection and discover your local IPs
const pc = new RTCPeerConnection({iceServers: []});
pc.createDataChannel("");
pc.createOffer().then(offer => pc.setLocalDescription(offer));
pc.onicecandidate = event => {
    if (event.candidate) {
        // This may contain your real IP address
        console.log(event.candidate.candidate);
    }
};

Fixing WebRTC Leaks

  • Firefox: Navigate to about:config and set media.peerconnection.enabled to false.
  • Chrome: Install the "WebRTC Leak Prevent" extension or use a VPN client with built-in WebRTC protection.
  • Brave: Settings -> Privacy -> disable "WebRTC IP handling policy."

DNS Leaks

When you type a domain name, your device sends a DNS query to resolve it to an IP address. If your VPN is not configured to handle DNS, these queries may go to your ISP's DNS servers instead of the VPN's DNS, revealing which sites you visit.

Testing for DNS Leaks

  1. Connect to your VPN.
  2. Visit a DNS leak test site or use the command line: bash # Check which DNS server is being used nslookup example.com # If the server is your ISP's DNS, you have a leak
  3. The DNS server in the results should belong to your VPN provider, not your ISP.

Fixing DNS Leaks

  • Configure your VPN client to use the VPN provider's DNS servers.
  • On Linux, check that /etc/resolv.conf points to the VPN's DNS.
  • Manually set DNS to a privacy-focused resolver (1.1.1.1, 9.9.9.9) as a fallback.

IPv6 Leaks

Many VPNs only tunnel IPv4 traffic. If your device has an IPv6 address and the destination supports IPv6, traffic may bypass the VPN tunnel entirely:

IPv4 traffic -> Through VPN tunnel (protected)
IPv6 traffic -> Direct to internet (leaked!)

Fixing IPv6 Leaks

  • Disable IPv6 on your device if your VPN does not support it: bash # Linux: disable IPv6 sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
  • Use a VPN that supports IPv6 -- Modern providers like Mullvad and IVPN tunnel both IPv4 and IPv6.
  • Enable IPv6 leak protection in your VPN client settings if available.

Comprehensive Leak Test Checklist

  1. Connect to your VPN.
  2. Check your visible IP at a "What's My IP" service -- it should show the VPN's IP.
  3. Run a WebRTC leak test -- no local or real IPs should appear.
  4. Run a DNS leak test -- all DNS servers should be your VPN's.
  5. Check IPv6 connectivity -- if you see an IPv6 address that is not the VPN's, you have a leak.
  6. Repeat on each browser and device you use.

Смотрите также

SSL/TLS Certificate Глоссарий DDoS Глоссарий DNS Spoofing Глоссарий Encryption Глоссарий Firewall Глоссарий HTTPS Глоссарий Intrusion Detection System (IDS) Глоссарий Man-in-the-Middle Attack Глоссарий WireGuard vs OpenVPN Сравнение VPN vs Proxy Сравнение VPN vs Tor Сравнение IPsec vs WireGuard Сравнение