How to Fix IP, DNS & Torrent VPN Leaks

If your true IP address is leaking and your location is visible, your VPN simply isn’t doing its job. Your device is contacting the default server rather than the intermediary VPN server it is supposed to.

Fixing an IP leak will depend on the type of IP address you’ve been assigned. Generally speaking, the only way to prevent IPv4 leaks is to use a high-quality VPN. By contrast, IPv6 leaks can usually be resolved in your device’s settings.

It’s important to use a VPN with a kill switch, too. This feature will block your traffic if the internet connection suddenly drops, preventing your real IP address from leaking while the VPN service is down.

How to Fix IPv4 Leaks

An IPv4 leak is the easiest VPN leak to fix. Here’s what to do:

If your IPv4 address is still leaking then your VPN is simply not working and you should find a better provider. It may sound harsh, but if a VPN cannot protect your IPv4 address then it is essentially useless.

How to fix IPv6 Leaks

Unless a VPN supports or actively blocks IPv6, your personal IPv6 address can be exposed if you’re on an IPv6-enabled network.

The majority of VPNs will have no provisions for IPv6 at all and will therefore always leak IPv6 traffic.

If you have an IPv6 address that is being leaked by your VPN, try these steps:

If your IPv6 address is still leaking you have two choices: either find a new VPN or disable IPv6 on your computer.

To disable IPv6 on a Windows 10 PC:

1. Right-click on the Network or WiFi icon in your system tray and click Open Network & Internet settings.
   
2. Select Change adapter options.
   
3. You will be presented with a list of all your computer’s adapters. Find the one that you’re currently using to connect to the internet. Right-click on it, then click Properties.
   
4. The new window will open on the Network tab. Scroll down until you see an option labeled Internet Protocol Version 6 (TCP/IPv6). Uncheck the box next to it, click OK and then restart your computer.
   
5. Once your computer has rebooted, run our leak test again to make sure the issue is resolved.

To disable IPv6 on an Apple MacOS device:

Disabling IPv6 on macOS involves using the terminal:

To disable IPv6 on an Apple iOS or Google Android device:

You cannot disable IPv6 on iPhone or iPad at a system level. You can’t on Android, either, unless your device is rooted or you download a third-party app, which we wouldn’t recommend.

You just have to trust your VPN app to prevent IPv6 leaks. If it is unable to do so, you should consider using one of these safe iPhone VPNs instead.

Your VPN could be leaking DNS traffic for a number of reasons. Luckily, there are a few simple ways to fix the most common issues behind DNS leaks.

First of all, the DNS leak may be a false positive. If you have manually set your device’s DNS to one belonging to a third-party service like Google’s, then you can ignore this result.

Alternatively, many VPNs simply provide inadequate DNS leak protection. The most effective way to fix DNS leaks is to pick a trusted VPN service that maintains its own zero-log DNS servers.

The VPN should force all traffic to go through these first-party servers rather than any third-party alternatives. ExpressVPN and NordVPN are just two of the many excellent VPNs which operate their own DNS servers.

If you don’t want to switch VPN providers, you’ll need to use a third-party DNS server such as Google Public DNS or OpenDNS to allow your requests to go through the VPN rather than directly from your local network.

Change Your DNS Settings

If your VPN doesn’t automatically connect to a private DNS server, you may have to manually connect to your preferred third-party DNS server. To do this, you will need to change your DNS settings.

We recommend choosing a third-party DNS server that does not reveal your true location, such as Google’s freely-available public DNS.

To change your DNS settings on Microsoft Windows 10:

1. Right-click on the Network or WiFi icon in your system tray and click Open Network & Internet settings.
   
2. Select Change adapter options.
   
3. You will be presented with a list of all your computer’s adapters. You want to find the one you’re currently using to connect to the internet (for example ‘Home Wi-Fi’, or whatever your network is called). Right-click on it, then click Properties.
   
4. The new window will open on the Network tab. There will be one option labeled Internet Protocol Version 4 (TCP/IPv4) and another labeled Internet Protocol Version 6 (TCP/IPv6). Select Internet Protocol Version 4 (TCP/IPv4) then click Properties.
   
5. You will see two checkboxes towards the bottom of the window, one labeled Obtain DNS server automatically and one labeled Use the following DNS server addresses. Click on the second option.
6. The two previously grayed-out text fields should now be white. In the Preferred DNS server field enter 8.8.8.8. In the Alternative DNS server field enter 8.8.4.4. This will set your DNS to Google’s. You can find a list of alternative DNS options here.
   
7. If your router is also IPv6 compatible, repeat steps 4-6 but for the Internet Protocol Version 6 (TCP/IPv6) option.
8. Rerun a leak test to check the leak is resolved and find any additional issues.

To change your DNS settings on Apple MacOS:

1. Open System Preferences then select Network.
   
2. A list of network adapters will appear on the left-hand side of the window. The one which is currently in use will have a green dot by it. Select it, then click on Advanced.
   
3. Click on the DNS tab. The left-hand side of the window will now show a list of your DNS servers. Click the + icon in the bottom-left-hand corner.
   
4. Enter 8.8.8.8 and press the Enter key. This should now have replaced the greyed-out default DNS server that was previously at the top of the list (or the only item in it).
5. Click the + icon again and enter 8.8.4.4, then press the Enter key. Your DNS will now be changed to Google’s.
   
6. Run a leak test to check the leak is resolved and find any additional issues.

To change your DNS settings on Apple iOS:

1. Open the Settings app.
   
2. Tap on Wi-Fi. On the far right-hand side of the network you’re connected to you’ll see a small ‘i’ inside a circle. Tap it.
   
3. Scroll down to the DNS section and tap on Configure DNS. By default, this will be set to Automatic. Tap Manual > Add Server then enter 8.8.8.8, 8.8.4.4 and tap Save.
   
4. Try a VPN leak test to check the leak is resolved and find any additional issues.

To change your DNS settings on Google Android:

1. Open the Settings app.
   
2. Tap on Connections > More connection settings > Private DNS.
   
3. Check the box next to Private DNS provider hostname. In the field below type in dns.google and tap Save.
   
4. Run another leak test to check the leak is resolved and find any additional issues.

Update Your OpenVPN Version

Some ISPs use a transparent DNS proxy – a ‘middleman’ that captures and redirects web traffic – to make sure your requests are sent to their own servers.

Transparent DNS proxies effectively ‘force’ a DNS leak without notifying the user. Luckily, most leak detection websites and online tools will be able to identify a transparent DNS proxy in the same way as a normal DNS leak.

The latest versions of the OpenVPN protocol have a simple method to tackle this problem:

1. Find the .ovpn or .conf file for the server you’re trying to connect to. These files will be stored in folders on your machine, usually in C:\Program Files\OpenVPN\. For more information, read the OpenVPN manual.
2. Once you’ve found it, open the file in an editing program like Notepad. Add: block-outside-dns to the bottom.
   
3. Rerun our leak test to check the leak is resolved and find any additional issues.

Update to the latest version of OpenVPN if you haven’t already. If your provider doesn’t support this or is using an older version of the protocol, it’s worth looking for a different VPN service.

Fortunately, most premium VPN services have their own solutions for tackling transparent proxies. For more details, contact your provider’s customer support service.

Disable Teredo

Teredo is a built-in feature of Windows operating systems designed by Microsoft to improve IPv4 and IPv6 compatibility.

Teredo helps IPv4 and IPv6 coexist by allowing IPv6 addresses to be transmitted and understood on IPv4 connections. However, because Teredo is a tunneling protocol, it can sometimes take priority over your VPN’s encrypted tunnel, causing a DNS leak.

Teredo is easily disabled within the Windows operating system. Here’s how:

1. Open Command Prompt and type netsh interface teredo set state disabled

2. Press the Enter key to disable Teredo.
3. Redo our leak test to check the leak is resolved and find any additional issues.

You might experience occasional issues with certain websites or servers when Teredo is disabled. That said, it is a much more secure choice for VPN users.

WebRTC leaks are primarily a browser issue. For that reason, fixing WebRTC leaks isn’t always as simple as just subscribing to a good VPN.

If your VPN does offer a ‘Disable WebRTC’ feature, be sure to enable it. Remember that most WebRTC blocking features are found in VPN browser extensions rather than the desktop application.

If you are finding WebRTC leaks and your VPN doesn’t offer an option to block it, you will need to disable WebRTC in your browser settings.

Here’s how to disable WebRTC in some of the most popular desktop web browsers:

To Disable WebRTC in Google Chrome or Microsoft Edge:

You cannot disable WebRTC directly within Google Chrome or Microsoft Edge. We advise that you either use a different browser or install an extension that does it for you. Our favorites are WebRTC Leak Prevent (click here for Chrome) and uBlock Origin (click here for Chrome or here for Edge).

These aren’t always 100% effective, so using a browser that allows you to disable WebRTC is recommended. You can find our recommended browsers for privacy here.

To Disable WebRTC in Mozilla Firefox:

1. Type about:config into your address bar and press Enter. Click the Show All button.
   
2. Toggle media.peerconnection.enabled to false.
   
3. To disable media devices, toggle media.navigator.enabled to false.
   
4. Perform a VPN leak test to make sure the issue is resolved.

To Disable WebRTC in Apple Safari:

1. Click Safari then Preferences.
   
2. Click on the Advanced tab, then check the box labeled Show Develop menu in menu bar.
   
3. Click on Develop in the menu bar. Under the WebRTC dropdown option uncheck Enable 2Legacy WebRTC API. If this option is grayed out then everything is fine. You’re all set.
   
4. Try our VPN leak test tool again to make sure the issue is resolved.

To Disable WebRTC in Opera:

1. Type about:config into your address bar and press Enter.
2. Go to Settings > Advanced > Privacy & security. Scroll down until you see WebRTC and check Disable non-proxied UDP and save your changes.
   
3. Revisit our VPN leak test tool to make sure the issue is resolved.

To Disable WebRTC in Brave:

1. Open the menu in the top-right-hand corner and click Settings > Shields > Fingerprinting Blocking and then select Strict, may break sites. If you do find it adversely affecting any sites you commonly use and trust then you can revert it to the Standard setting.
   
2. Now in the left-hand menu click Additional Settings > Privacy and security and change the dropdown menu option next to WebRTC IP Handling Policy to Disable Non-Proxied UDP.
   
3. Retry a VPN leak test to make sure the issue is resolved.

If your real location is still visible on the map then there are two possibilities. One is that your real IPv4 or IPv6 address is still leaking. Please follow the steps outlined above in order to fix this.

If the problem persists, then it is likely that HTML5 geolocation is revealing your true location. This can happen as it uses techniques for determining your location that can’t be protected by a VPN. For example, it can detect WiFi hotspots near you or use cellular data to triangulate your longitude and latitude. It can also look at local information from your router.

To fix these location leaks you need to disable HTML5 geolocation in your browser, or use the ExpressVPN browser extension, which has built-in HTML5 geoleak protection.

To disable HTML5 geolocation in Google Chrome:

1. Click on the menu button in the top right-hand corner of Chrome, then click Settings.
   
2. Scroll down to the Privacy and security section and click Site settings.
   
3. Scroll down to Permissions and click on Location.
   
4. Ensure that Ask before accessing (recommended) is toggled to on.
   

This won’t disable it entirely but will instead give you the choice of enabling or disabling HTML5 geolocation for each individual website you visit.

To disable HTML5 geolocation in Mozilla Firefox:

1. Open Firefox and type about:config into the address bar and press Enter. Click the button labeled Show All.
   
2. Type geo.enabled into the search bar and press Enter.
3. A bar will appear labeled geo.enabled. Double-click it so that it now says false.
   

To disable HTML5 geolocation in Apple Safari:

1. Click the Safari menu button in the top left-hand corner, then click Preferences.
   
2. Click on the Privacy tab, then next to Website Tracking check the box labeled Prevent Cross-site tracking.
   
   

To disable HTML5 geolocation in Microsoft Edge:

1. On your Windows PC press Win + A. This will open up the Action Center on the right-hand side of your screen
2. Right click on Location and then click Go to Settings.
   
3. Scroll down to the Allow apps to access your location section and change the slider to the Off position.
   
4. Scroll down further to the Location history section and click Clear.
   
   

To disable HTML5 geolocation in Opera:

1. Open Opera and type about:config into the address bar and press Enter.
2. Click Advanced in the left-hand menu, then click Privacy & security.
   
3. Click Site Settings then Location.
   
4. Toggle the slider next to Ask before accessing (recommended) to Off.
   

Once you’ve carried out whichever steps are relevant for you and your browser, make sure you clear the cache, cookies, and history.

Flash is outdated and a security risk. It will soon be completely removed from all popular browsers.

If our test has told you that Flash is still enabled in your browser, follow these steps to disable it.

To Disable Flash in Google Chrome:

1. Open the menu, then navigate to Settings > Privacy and security > Flash.
   
2. Check that the toggle is in the left-hand position: Block sites from running Flash.
   

To Disable Flash in Mozilla Firefox:

1. Open the menu and select Add-ons > Plugins.
   
2. Look for Shockwave Flash and select Options.
3. At the bottom of the next screen, check the box next to Enable Adobe Flash protected mode.

If you have only recently installed the browser for the first time then Shockwave Flash may not actually be listed as a plugin. In this case, you have nothing to worry about and can ignore steps two and three.

To Disable Flash in Microsoft Edge:

1. Open the menu and click Settings, then click Cookies and site permissions.
   
2. Click on the option labeled Adobe Flash.
   
3. Toggle the switch under Use Adobe Flash Player to the Off position.
   

To Disable Flash in Apple Safari:

Flash is now disabled by default in Safari. You don’t need to do anything.

To Disable Flash in Opera:

1. Copy and paste opera://settings/content/flash?search=flash into the search bar, then hit Enter.
2. Make sure that the toggle next to Allow sites to run Flash is set to Off.
   

There are plenty of security flaws that arise from having Flash enabled, including the potential exposure of your IP address, so be sure to leave it disabled.

If your IP address has been identified as belonging to a data center, that almost certainly means that your VPN is running. This type of leak won’t necessarily expose your identity, but it will reveal the fact you’re using a VPN.

IP addresses can be identified by the type of connection they’re used for. Your standard home or mobile connection will be labeled as a residential IP address, as you’re a normal person using a normal amount of data.

IP addresses belonging to data centers are easy to identify due to the huge amounts of data that flow to and from them at all times of day. Most VPN IP addresses will fall into this category.

To fix this, simply turn off your VPN or proxy.

If you use a VPN while torrenting then you need to make sure that your BitTorrent client isn’t leaking your IP address. This is something that can happen even if your VPN is working as intended with other apps and web browsing.

A torrent IP leak can occur from two sources: TCP and UDP. These are the two protocols used when you download a file via torrent, and they can each be fixed in their own unique way.

How to Fix a Torrent TCP IP Leak

Solution 1: Restart your BitTorrent client and re-add the magnet file

One of the most common causes of IP leaks when torrenting is beginning the torrent before connecting to a VPN server. Remove any torrents, close your BitTorrent client, and connect to a VPN server. Re-add the magnet files and retake our test once the VPN is connected and running.

Solution 2: Disable IPv6 or enable IPv6 protection

Some VPNs may only protect IPv4. In this instance, if you have an IPv6 address it can leak.

If your VPN has an option named something like ‘IPv6 Protection’, enable it. Similarly, if it has an option named ‘Disable IPv6’, try that. This will block all IPv6 connections, preventing any possible leaks.

Solution 3: Deactivate any proxy settings in the BitTorrent client

If your BitTorrent client is set to proxy via another device on your local network and that machine isn’t protected by your VPN then there is a chance that your IP address could leak.

Disable the proxy and retake our test – you can usually find proxy settings within your BitTorrent client’s connection settings menu.

How to Fix a Torrent UDP IP Leak

UDP leaks are highly uncommon, and all the solutions above for a TCP IP address torrenting leak can also be applied to fixing UDP IP address torrenting leaks.

While unlikely, there is one other scenario in which your VPN could be leaking your IP address via UDP, and that is that your VPN does not support it. In this instance there is nothing you can do other than change to a more competent VPN. We’ve listed our best VPNs for torrenting here.

If you experience a DNS leak while torrenting using a VPN, there is an easy solution you can try to fix it.

Before you attempt this solution, make sure that your VPN is running and connected to a server before you open up your BitTorrent client and before you add any torrent magnet files. It’s possible that your client could still use your ISP’s DNS if not.

You should also check that, if it has the option, your VPN is set to use first-party DNS servers. Once you’ve done so, you can attempt to fix the leak by changing your device’s DNS settings.

How to change your default DNS server to a public DNS server

By default, your device will use your ISP’s DNS servers to resolve DNS requests (even those coming from your BitTorrent client). This can result in your ISP identifying the torrent you are downloading. By switching to a public DNS server you can prevent this – we explain how further up the page.

It’s also vital that you still use your VPN while torrenting, even if you follow the above steps.

Once you’ve tested your VPN and fixed any leaks you may have found, it’s worthwhile taking some steps to minimize your chances of leaking data in the future.

To begin with, make sure that you’ve followed any relevant steps outlined above. This includes making sure your VPN blocks or supports IPv6 traffic, disabling Teredo, and if necessary, changing your settings to an independent DNS server.

Afterwards, consider the following steps to reduce your chances of VPN leaks:

1Block non-VPN traffic

Some VPN clients include a feature to automatically block any traffic traveling outside the VPN tunnel — often called IP-binding. If your provider has this option, make sure to enable it.

Alternatively, you can configure your firewall to only allow traffic sent and received via your VPN. You can find instructions for the Windows Firewall here, and for Mac here.

2Invest in VPN monitoring software

VPN monitoring software allows you to inspect your network traffic in real time. This means you can check for suspicious traffic and see if a DNS request is sent to the wrong server. Some variations also offer tools for automatically solving DNS leaks.

This software is rarely free, so will add an extra expense on top of your existing VPN subscription. Examples of VPN monitoring software include PRTG Network Monitor and Opsview Monitor.

3Use a different VPN

The perfect VPN will have IPv6 compatibility, DNS and WebRTC leak protection, the latest version of OpenVPN and the ability to bypass transparent DNS proxies.

A VPN kill-switch is another critical part of your VPN client. It will continuously monitor your network connection and make sure that your true IP address is never exposed in the event of a dropped connection.

If you’re repeatedly suffering from data leaks with your existing provider, it’s probably time to invest in a more reliable VPN service.