How To: Check your VPN Connection is Working and Secure

10

Often times VPN’s can be as easy as one-click-connect, making it hard to know if the VPN is properly working and ensuring it’s securing all our data. Today we are going to teach you a bit about the different type of VPN leaks, why they are so critical and how to check your VPN connection is secure and working.

check vpn security

Video Tutorial

A YouTube video describing how VPN leaks occur and how you can check to ensure your VPN connection is secure and working.

VPN Leaks

What many people don’t know when using a VPN is there are several ways for your real identity to be exposed, even when the VPN is actively running on your system. This occurs through leaks, and there are a barrage of different type of leaks that can occur and spill your real identity.

When a VPN is actively running on the system, its job is ensure that every packet that goes in and out of the computer is encrypted and kept private. But what many don’t know is when the VPN is running, if a website is using a plugin you have installed on your system, such as Flash player, your real IP could be easily leaked. This could occur for any number of reason, but if your on YouTube.com, the website may see you are visiting from the VPN IP, however, when it asks your system to use the Flash player plugin, it will go ahead and start using the plugin on your system. This is when the leak occurs, meaning that Java, Flash, WebX among a number of other web-based plugins have the ability to be leaking your real IP address.

While that sounds bad, this isn’t even the worst part. Lets go ahead and say yeah, your VPN is on and not leaking anything through the system. Well what about the part of the VPN you can’t see? What are we talking about? We are talking about the DNS. Now in short, DNS stands for Domain Name System, and it changes domain names into machine readable IP addresses, allowing you to easily connect to Google.com without having to type in a lengthy IP address.

When using any type of wireless internet, your web requests can be seen by the DNS provider, presumably your Internet Service Provider (ISP). Now what you may not know is that when you use a VPN, your still required to use some form of a DNS, and that could be provided by the VPN, Google or other software. But this is where the scary part comes in. Some VPN’s out of box can continue to utilize your machines default DNS, meaning all websites you visited, or queries you sent through the DNS can be read and captured by your ISP.

As we described above, a DNS translates domain names to IP addresses that devices can connect to. Meaning when you use the Internet, you are sending queries to the DNS, telling it which domain to connect and direct you to. Well information can be leaked from these simple DNS queries. It works as so. You open your browser and visit VPNFTW.com, the DNS will do its magic and connect you to the domain, easy enough right? Wrong! When you visited vpnftw.com, whoever is serving your DNS just saw that your IP address made a request and connected to VPNFTW.com. Now DNS leaks don’t give specific information on what specific page of the website you visited, just the domain name.

These leaks can be detrimental in heavy censored countries and could lead to an individuals identity being exposed. DNS leaks could also harm how the VPN works, as some countries can set DNS blockades where websites are censored at the DNS level. A graphic below details how a DNS leaks works.

What is a DNS Leak?

Image credit: dnsleaktest.com

Check VPN Connection with Leak Tests

vpn

Now that we are briefed on a few type of leaks that can occur, lets get to ensuring your VPN connection is secure!

To ensure the VPN is actually connected and working, we will guide you through a series of tests to ensure the entirety of your system is being protected by the VPN. During these leak tests we will be using Private Internet Access VPN, our #1 recommended VPN of all time.

XMyIP Basic IP Address Test – Head over to xmyip and click the additional details button. When it’s done loading, ensure the IP address that the webpage displays is not your personal address, and be sure to check the Google Maps location that appears on the right. Ensure that all of the details appearing are not yours or where you live. Here is a photo while we were connected to our VPN’s west coast servers.

Check VPN IP Address

This is the most basic test and it it fails, this means your VPN is failing at protecting your IP address, a basic task. Try reconnecting to a new server or reaching out to your VPN if issues persist.

Now as we are not located in Los Angeles and that is not our hostname, we can ensure the VPN is masking our IP address, but don’t get to excited, far more severe leak tests lie ahead.

Whoer Extended IP Test – This VPN check is one of the most critical of them all, and will let you know if the entirety of the your system is being protected by the VPN. Now go ahead and click on the link and allow the page to fully load. We know, the page looks scary with a lot of information but don’t sweat it, we’ll walk through all of it in a breeze.

To start, at the top of the page the extended test will show you the IP address your computer is broadcasting, along with the host-name, blacklist and if your using an anonymizing tool. Now to start, the IP address the first part is broadcasting should not be your own. Second, if the words YES in all red appear under the blacklist don’t worry, it just means the IP address has been abused by multiple people and may be seen as malicious by some sites. However don’t worry, the web will still work the same and you shouldn’t notice any differences. Here is our test on the first screen:

Extended IP Address Check

Now lets move to the tab labeled “Interactive detection” and take a look. Now this is the test that will let you know if the VPN is really masking your machines IP address from any standpoint. Now if you have plugins like Flash and Java installed on your system, this page will go ahead and request them. Meaning it will go ahead and utilize the plugin from your system and let you know what IP address your system is broadcasting. On our personal systems, we have such programs uninstalled so our test appears N/A. Ensure the IP address you see is the same as your VPN IP and not your regular IP address. Also take a look over the DNS tab, you should also see your VPN IP, no other IP’s should be appearing under any circumstance.

IP Address Leak Test

Now head over to the third tab labeled “Location” and check that the location the website is displaying is not your real location. As well, below that is a test for the time being broadcasted on your system. When using a VPN, the program will simply mask and encrypt your Internet connection but will not make any physical changes on your system. This means while we are connected to a server in LA, if we lived in Canada or elsewhere, our system will be broadcasting the time in Canada, the time set on your system. This can be a big privacy loophole if you want 100% anonymity, but more often than not, webpages won’t request the time being displayed on your system. This means if you want the time to appear as if you were in that location, you need to go into your system settings and change it manually. For our privacy we went ahead and blocked out some of the displayed information.

VPN Location Test

The rest of the information below is of no use when you check your VPN connection.

My VPN is leaking, what do I do? If you find your VPN to be leaking through any of these tests, you are limited on what you can do. First, we recommend disconnecting and connecting to another server and giving the tests a try. If that continues, try clearing your browser cache or try the tests in another browser. If they persist, you may want to try and re-install your VPN client or give customer support a try. If you have tried all of the above and issues continue, we recommend you grab another VPN service. Specifically Private Internet Access, as they have dedicated clients for Windows, Mac OS X, iPhone and Android, and they all come with VPN leak protection. Meaning your VPN will stay secure and non-leaking just from the client itself. Here is a picture of their Windows client with the anti-leak technology.

How to Stop DNS leaks

DNS Leak Test – The most critical test of them all! Head over to the webpage, ensure the IP displayed is not yours, click “Extended Test” and let it run til the page is done loading, this could take several minutes depending on your setup.

As we explained above, DNS leaks can be critical and nearly defeat a huge part of why we use VPN’s today. Now when running this test, the results may vary. You may see as little as one DNS server, or may see something like 8-10 different addresses. Both are totally fine, but its what’s within those numbers that can tell us.

Now VPN providers may use any cocktail of DNS servers, but we need to ensure that none are leaking to your ISP. First, check the IP address and hostname, make sure that they are not yours. If they are different from the VPN IP this is okay, but make sure they are not linked to your ISP. You can do this by either looking at the hostname or by looking up the IP address through a search engine. When we did this test with out VPN, we got the following results.

Check DNS Leaks

What if my DNS is leaking? Don’t panic, there are quite a few ways to fix this and none of them require contacting the VPN provider.

One way is to manually change the DNS on your system. You can change it to Google’s free DNS, the privacy violating search giant, or can change it to something from OpenDNS or similar. Due to the variety of operating systems and specific versions, we cannot guide you on how to change your system DNS, that will have to be something you need to lookup if you are unsure how to do it yourself. You can generally change it within a few simple clicks.

Another way would be to choose a VPN with a dedicated DNS. A number of providers offer encrypted and secure DNS options as part of their plan, this includes the VPN we recommended above, they specifically have a DNS leak protection option.

There are any number of ways to change the way your DNS operates even if your using a phone or tablet, we recommend you take a look online for your specific device.

Conclusion

Checking your VPN connection is essential to ensuring that your VPN is working properly and secure. Whether it’s a Java leak, Flash leak or DNS leak, they can all be critical and need to be patched right away.

We hope our check your VPN connection guide worked and helped you secure your VPN. Let us know if the guide worked for you and what VPN your using in the comments below!

About Author

Brandon Stosh is the CEO and founder of VPNFTW.com. Stosh is a cyber security researcher and professional consultant who enjoys sharing his knowledge with the world!

10 Comments

    • This bis an outstanding quick video Brandon. I have a TP-Link hardware VPN (R600 VPN), and I have had it for close to a year but until today it wasn’t setup correctly. this video taught me how to check and make sure my VPN is working correctly, and it is. Thank you so much Brandon!!!

  1. I have PIA but sometimes it just stops and it does not tell me that it stopped, then I realize that my IP is exposed. I can’t find a kill switch option inside the settings. I checked and people say there is a built in kill switch but it does not work & does not tell you that the IP address has changed. Others suggest another program to make the internet stop if the VPN fails but the one I tried is very technical, any suggestions?

    • Hello, are you using the custom client for either Windows or Mac? If so, there should be an advanced button, that will open a catalog of features. If you can’t find that button, watch out video review https://youtu.be/BLDQzKZZSaI and that should help. If your IP is still exposed after watching this video please let us know. It sounds like the VPN is not fully connecting and exposing all your traffic.

  2. Thank You Brandon.

    Appreciate your help for making it easier for me to decide which VPN to go with.

    Keep the good work. World need more guys like you.

  3. Using Whoer.net in extended mode I see often open ports (80 and 8080) which downgrades the security rating
    What is this? Is it a real concern?

Leave A Reply