Insights For Success

Strategy, Innovation, Leadership and Security

How do I test my VPN to determine if it is leaking?

GeneralEdward KiledjianComment
egg-2161877_1920.jpg

When something leaks, it's usually bad news. A leaking pipe in the kitchen or a leaking radiator. The same principle applies to your VPN. When a poorly designed VPN fails and leaks your data, that's the start of a bad day.

Unfortunately, there is no visible indication that your VPN is leaking.    Obviously, well-designed VPN services do not leak, my favourites being: 

When looking for VPN leaks, we typically evaluate these angles:

  • DNS leaks
  • IP address leaks (IPv4 & IPv6)
  • WebRTC leaks

Below are basic instructions on how to quickly identify VPN leaking. If you are more paranoid or highly technical and demand to use your magical IT skills, you can also inspect the packets using tcpdump or WinDump while running the below tests. 

DNSLeak1.PNG

It's time to start testing

What am I looking for?

Obviously, you connect to your VPN service first, then visit all of these sites. The hope is that none of the information shown should actually be associated with your "real" computer (IP address, DNS server and WebRTC). 

The most significant failure I see with most VPNs is DNS and WebRTC leakage.

If your VPN service provider offers multiple servers, then you should run the tests with the various servers.

If your VPN service provider offers multiple protocols, then you should run the test with each of the protocols.

I have found some VPN providers where it did not leak on one server but leaked on another. Where it did not leak via one protocol but leaked with another. Testing the various combinations is time-consuming but critically important. 

DNSLeak2.PNG

The above test shows that the VPN is protecting my IP and DNS information but in this case was leaking my private 10.x test lab internal IP address (which is obviously bad). When I switched to a new server from the same provider, the leak stopped.

Mobile phone VPN leaks

DNSLeak3.PNG

An August 2016 research paper highlighted the issue of IP leakage on Android smartphones. They discovered that 84% of Android VPN apps leaked the user's "real" IP address.

What is WebRTC and why does it leak?

WebRTC is an API standard that allows voice and video chat without needing to install any plug-ins. It is a cross-platform web browser standard. 

The "trick" to leaking your WebRTC information is to use basic Javascript to send a UDP packet to a Session Traversal Utilities for NAT (STUN) server. That server sends back a packet containing the IP address where the request originated. 

If vulnerable, you will see your internal IP Address in the WebRTC response. 

What is DNS and why does it leak?

The domain name system (DNS) is a special global directory that converts URLs into numeric addresses that the internet can route. If you enter kiledjian.com into your browser from New York, your DNS server will return the numeric routable IP address for my website 104.28.2.40. 

DNS services are typically provided by your internet service provider or company. Anytime you try to access a webpage; you ask that DNS server for the numeric routable IP address of the site and thus your provide (or school or company) have a running list of every website you tried to access. When using a good VPN service, all DNS requests should be routed to their anonymous DNS service thus protecting your browsing information. When your browser sends the request to your ISP DNS anyway, that is called a DNS leak because your privacy is "broken".