How to Tell If Your VPN Is Actually Working (4 Tests Anyone Can Run)

Turning on a VPN doesn't automatically mean it's working. A surprising number of users connect to a VPN and assume they're protected — when in reality their real IP address, DNS queries, or browser traffic is leaking outside the encrypted tunnel. Studies find that 23% of paid VPN applications leak DNS requests under specific conditions, and up to 44% of VPN users may be exposing traffic to their ISP through misconfigured connections (SQ Magazine, 2025; JoshWP, 2025).

The good news: verifying your VPN is actually working takes about 3 minutes and requires no technical knowledge. Here are the four tests to run — in order of importance.

Test 1: IP Address Check (Start Here)

The most basic test. Your VPN should replace your real IP address with the VPN server's IP address. If websites can still see your real IP, your VPN either isn't connected or isn't routing traffic correctly.

How to run it:

1. Disconnect your VPN and go to ipleak.net or whatismyip.com. Note your real IP address and location.
2. Connect to your VPN and reload the page.
3. Your IP address should now show the VPN server's address — in a different location than your real one.

What a passing result looks like: The IP shown matches the country/city of your VPN server, not your real location. If you connected to a US server, the page should show a US IP.

What a failing result looks like: Your real IP or real location still appears after connecting. This means traffic is bypassing the VPN tunnel — often due to a connection error, a split-tunneling misconfiguration, or the VPN app not fully initializing before the test loaded.

Test 2: DNS Leak Test

Even if your IP address is masked, your DNS queries might still be routing through your ISP's servers — revealing every website you visit. This is called a DNS leak, and it's one of the most common VPN failures.

DNS queries are the lookups your device makes every time you type a URL — translating "cyberfenceplatform.com" into an IP address. Without a VPN, these go to your ISP's DNS servers. With a properly configured VPN, they should route through the VPN's own DNS servers instead.

How to run it:

1. While connected to your VPN, go to dnsleaktest.com.
2. Run the "Extended Test" (more thorough than the standard test).
3. Review the DNS servers listed in the results.

What a passing result looks like: The DNS servers shown belong to your VPN provider or a neutral third party — not your ISP. The locations listed should match your VPN server location, not your home country.

What a failing result looks like: You see DNS servers from your internet provider (Comcast, AT&T, Verizon, Cox, etc.) or your home country when you're connected to a foreign server. This means your DNS requests are bypassing the VPN tunnel.

How to fix a DNS leak:

• Check your VPN app settings for a "DNS leak protection" option — enable it if present
• Make sure you haven't manually set a custom DNS (like 8.8.8.8) that routes outside the tunnel
• On Windows, disable the "Smart Multi-Homed Named Resolution" feature, which can route DNS requests outside the VPN
• If leaks persist, your VPN provider's DNS implementation may be fundamentally flawed — consider switching

Test 3: WebRTC Leak Test

This is the sneakiest leak type — and the one most VPN users don't know to check. WebRTC is a browser technology that enables real-time communication like video calls, but it can expose your real IP address to websites even when you're connected to a VPN. It bypasses the VPN tunnel entirely through a separate pathway called STUN requests.

Research found that 20-30% of browser-based VPN extensions fail to prevent WebRTC IP leaks in their default configuration (USENIX Security / FreeGuard, 2025). Chrome, Firefox, Edge, and Opera all have WebRTC enabled by default — making this a near-universal exposure for browser users who aren't checking.

How to run it:

1. While connected to your VPN, go to browserleaks.com/webrtc or ipleak.net.
2. Look at the "Public IP Address" row in the WebRTC section.
3. Compare the IP shown to your real IP from Test 1.

What a passing result looks like: The WebRTC section shows your VPN's IP address, or shows no IP at all. No real ISP-assigned IP appears anywhere on the page.

What a failing result looks like: Your real home IP address appears in the WebRTC section, even though your VPN IP shows correctly in the main IP test. This is a leak — websites and services can see your real location despite the VPN.

How to fix a WebRTC leak:

• Firefox: Type about:config → search for media.peerconnection.enabled → double-click to set it to false. This disables WebRTC entirely — note it will break browser-based video calls.
• Chrome/Edge/Brave: Install the "WebRTC Leak Prevent" extension from the browser's extension store, or install uBlock Origin and enable its WebRTC protection in Settings → Privacy.
• Brave: Go to Settings → Privacy and Security → WebRTC IP Handling Policy → select "Disable non-proxied UDP."
• Best fix for all browsers: Use a VPN that handles WebRTC traffic natively — routing those requests through the encrypted tunnel so browser-based video calls still work without the leak.

Test 4: Kill Switch Test

Your VPN's kill switch should block all internet traffic if the VPN connection drops — preventing your real IP from briefly appearing during reconnection. Many users have kill switches enabled but have never verified they actually work.

How to run it:

1. Enable your VPN's kill switch in the app settings.
2. Connect to the VPN and confirm your IP is masked (Test 1).
3. While connected, disconnect your VPN suddenly — either by force-closing the app or disabling your WiFi briefly and re-enabling it.
4. Immediately (before the VPN reconnects) go to ipleak.net.

What a passing result looks like: The page fails to load entirely, or loads but shows no content — because the kill switch has blocked all traffic. Once you reconnect the VPN, traffic resumes normally.

What a failing result looks like: The page loads during the VPN gap and shows your real IP. This means the kill switch isn't functioning, and every time your VPN drops — which happens occasionally on all networks — your real IP is briefly exposed.

Signs Your VPN May Not Be Working (Without Running Tests)

You can also watch for behavioral signs that indicate VPN problems before running formal tests:

• Streaming services still show your local library — If Netflix, Hulu, or YouTube show content limited to your home country despite connecting to a foreign VPN server, your IP is likely still being detected.
• Websites still show your real location in weather or local results — If a website shows "Orlando, FL" when you've connected to a New York VPN server, your location is leaking.
• Your internet speed is unchanged — VPNs typically reduce speed somewhat due to encryption overhead. If speed is completely unchanged, verify the VPN app shows "Connected" and is routing traffic.
• Security warnings about your IP appear — Some services flag logins from "unusual locations" — if a service thinks you're still in your normal location after connecting to a foreign VPN server, traffic may not be routing correctly.

How Often Should You Test?

Security researchers recommend running leak tests:

• After any VPN app update
• After any major OS or browser update
• When connecting from a new network (new workplace, travel location)
• Monthly as a routine check

Browser updates in particular can silently reset WebRTC settings or extension configurations — making monthly checks important even if everything was clean last time you checked.

What to Do If Your VPN Is Leaking

If you fail any of the four tests above:

1. Check your VPN app settings for DNS leak protection, kill switch, and IPv6 leak protection — enable all three if available
2. Make sure no other VPN or proxy software is running simultaneously (driver conflicts are common)
3. Disconnect, close the VPN app, reopen it, and reconnect
4. Update the VPN app to the latest version
5. If leaks persist across multiple tests and reconnections, the VPN provider has a fundamental infrastructure problem — it's time to switch

A VPN that leaks your DNS queries or real IP address is not just failing to protect you — it's giving you a false sense of security, which may be worse than using no VPN at all.