How to Fix IP, DNS & Torrent VPN Leaks

3 comments
JP Jones - CTO @ Top10VPN
3 comments

JP is our CTO. He has over 25 years of software engineering and networking experience, and oversees all technical aspects of our VPN testing process. Read full bio

An illustration of how to fix a leaky VPN

Investing in a reliable and secure VPN is the simplest and most important decision you can make if you’re concerned about your privacy online.

If you’ve tested your VPN and found IP, DNS, or WebRTC leaks, you can follow the instructions in this guide to fix them.

If you’re consistently suffering from data leaks with your current VPN provider, you should also consider subscribing to a better VPN service.

Once you’ve fixed any leaks you may have found, make sure you revisit our VPN & Torrent IP leak test to double-check the results and identify any further issues.

To test your VPN and learn about leaks in detail, try our VPN & Torrent IP Leak Test.

How to Fix IP Leaks

If your true IP address is leaking and your location is visible, your VPN simply isn’t doing its job. Your device is contacting the default server rather than the intermediary VPN server it is supposed to.

Fixing an IP leak will depend on the type of IP address you’ve been assigned. Generally speaking, the only way to prevent IPv4 leaks is to use a high-quality VPN. By contrast, IPv6 leaks can usually be resolved in your device’s settings.

It’s important to use a VPN with a kill switch, too. This feature will block your traffic if the internet connection suddenly drops, preventing your real IP address from leaking while the VPN service is down.

How to Fix IPv4 Leaks

An IPv4 leak is the easiest VPN leak to fix. Here’s what to do:

  1. Make sure that your VPN is turned on.
  2. Ensure your web browser isn’t being split-tunneled by your VPN.
  3. Open up a new browser window and visit our leak test tool to restart the test.

If your IPv4 address is still leaking then your VPN is simply not working and you should find a better provider. It may sound harsh, but if a VPN cannot protect your IPv4 address then it is essentially useless.

How to fix IPv6 Leaks

Unless a VPN supports or actively blocks IPv6, your personal IPv6 address can be exposed if you’re on an IPv6-enabled network.

The majority of VPNs will have no provisions for IPv6 at all and will therefore always leak IPv6 traffic.

If you have an IPv6 address that is being leaked by your VPN, try these steps:

  1. Make sure that your VPN is turned on.
  2. Ensure your web browser isn’t being split-tunneled by your VPN.
  3. Check your VPN’s settings menu for any options that feature phrasing like ‘IPv6 Leak Protection’ and ensure that it is enabled.
  4. Open up a new browser window and visit our leak test tool to restart the test.

If your IPv6 address is still leaking you have two choices: either find a new VPN or disable IPv6 on your computer.

To disable IPv6 on a Windows 10 PC:

  1. Right-click on the Network or WiFi icon in your system tray and click Open Network & Internet settings.
    Where to find the internet settings menu in Windows 10
  2. Select Change adapter options.
    Windows 10 advanced network settings menu
  3. You will be presented with a list of all your computer’s adapters. Find the one that you’re currently using to connect to the internet. Right-click on it, then click Properties.
    The Windows 10 network connections menu
  4. The new window will open on the Network tab. Scroll down until you see an option labelled Internet Protocol Version 6 (TCP/IPv6). Uncheck the box next to it, click OK and then restart your computer.
    Where to find IPv6 in the Windows 10 network connections menu
  5. Once your computer has rebooted, run our leak test again to make sure the issue is resolved.

To disable IPv6 on an Apple MacOS device:

Disabling IPv6 on MacOS involves using the terminal:

  1. Browse to Finder > Applications > Utilities Folder > Terminal.
  2. If you are connected via WiFi enter this: networksetup -setv6off Wi-Fi then press Enter.
  3. If you are connected via Ethernet enter this: networksetup -setv6off Ethernetthen press Enter.
  4. You can then close Terminal and run our leak test again to make sure the issue is resolved.

To disable IPv6 on an Apple iOS or Google Android device:

You cannot disable IPv6 on iPhone or iPad at a system level, nor Android unless your device is rooted or you download a third-party app, which we wouldn’t recommend. You will have to trust your VPN app to prevent IPv6 leaks and, if it is unable to do so, consider replacing it.

How to Fix DNS Leaks

Your VPN could be leaking DNS traffic for a number of reasons. Luckily, there are a few simple ways to fix the most common issues behind DNS leaks.

First of all, the DNS leak may be a false positive. If you have manually set your device’s DNS to one belonging to a third-party service like Google’s, then you can ignore this result.

Alternatively, many VPNs simply provide inadequate DNS leak protection. The most effective way to fix DNS leaks is to pick a trusted VPN service that maintains its own zero-log DNS servers.

The VPN should force all traffic to go through these first-party servers rather than any third-party alternatives.ExpressVPN and NordVPN are just two of the many excellent VPNs which operate their own DNS servers.

If you don’t want to switch VPN providers, you’ll need to use a third-party DNS server such as Google Public DNS or OpenDNS to allow your requests to go through the VPN rather than directly from your local network.

Change Your DNS Settings

If your VPN doesn’t automatically connect to a private DNS server, you may have to manually connect to your preferred third-party DNS server. To do this, you will need to change your DNS settings.

We recommend choosing a third-party DNS server that does not reveal your true location, such as Google’s freely-available public DNS.

To change your DNS settings on Microsoft Windows 10:

  1. Right-click on the Network or WiFi icon in your system tray and click Open Network & Internet settings.
    Where to find the internet settings menu in Windows 10
  2. Select Change adapter options.
    Windows 10 advanced network settings menu
  3. You will be presented with a list of all your computer’s adapters. You want to find the one you’re currently using to connect to the internet (for example ‘Home Wi-Fi’, or whatever your network is called). Right-click on it, then click Properties.
    The Windows 10 network connections menu
  4. The new window will open on the Network tab. There will be one option labelled Internet Protocol Version 4 (TCP/IPv4) and another labelled Internet Protocol Version 6 (TCP/IPv6). Select Internet Protocol Version 4 (TCP/IPv4) then click Properties.
    The Windows 10 internet connection properties menu
  5. You will see two checkboxes towards the bottom of the window, one labelled Obtain DNS server automatically and one labelled Use the following DNS server addresses – click on the second option.
  6. The two previously grayed-out text fields should now be white. In the Preferred DNS server field enter 8.8.8.8. In the Alternative DNS server field enter 8.8.4.4. This will set your DNS to Google’s. You can find a list of alternative DNS options here.
    How to manually set your DNS in Windows 10
  7. If your router is also IPv6 compatible, repeat steps 4-6 but for the Internet Protocol Version 6 (TCP/IPv6) option.
  8. Rerun a leak test to check the leak is resolved and find any additional issues.

To change your DNS settings on Apple MacOS:

  1. Open System Preferences then select Network.
    The System Preferences menu on MacOS
  2. A list of network adapters will appear on the left-hand side of the window. The one which is currently in use will have a green dot by it. Select it, then click on Advanced.
    The network settings menu on MacOS
  3. Click on the DNS tab. The left-hand side of the window will now show a list of your DNS servers. Click the + icon in the bottom-left-hand corner.
    How to add new DNS servers to MacOS
  4. Enter 8.8.8.8 and press the Enter key. This should now have replaced the greyed-out default DNS server that was previously at the top of the list (or the only item in it).
  5. Click the + icon again and enter 8.8.4.4, then press the Enter key. Your DNS will now be changed to Google’s.
    A screenshot of public DNS servers set up on MacOS
  6. Run a leak test to check the leak is resolved and find any additional issues.

To change your DNS settings on Apple iOS:

  1. Open the Settings app.
    iOS settings menu
  2. Tap on Wi-Fi. On the far right-hand side of the network you’re connected to you’ll see a small ‘i’ inside of a circle – tap it.
    iOS WiFi menu
  3. Scroll down to the DNS section and tap on Configure DNS. By default this will be set to Automatic – tap Manual > Add Server then enter 8.8.8.8, 8.8.4.4 and tap Save.
    How to manually set your DNS on iPhone and iPad
  4. Try a VPN leak test to check the leak is resolved and find any additional issues.

To change your DNS settings on Google Android:

  1. Open the Settings app.
    The main settings menu on Android OS
  2. Tap on Connections > More connection settings > Private DNS.
    The connections sub-menu on Android
  3. Check the box next to Private DNS provider hostname. In the field below type in dns.google and tap Save.
    Android DNS settings menu
  4. Run another leak test to check the leak is resolved and find any additional issues.

Update Your OpenVPN Version

Some ISPs use a transparent DNS proxy – a ‘middleman’ that captures and redirects web traffic – to make sure your requests are sent to their own servers.

Transparent DNS proxies effectively ‘force’ a DNS leak without notifying the user. Luckily, most leak detection websites and online tools will be able to identify a transparent DNS proxy in the same way as a normal DNS leak.

The latest versions of the OpenVPN protocol have a simple method to tackle this problem:

  1. Find the .ovpn or .conf file for the server you’re trying to connect to. These files will be stored in folders on your machine, usually in C:\Program Files\OpenVPN\. For more information, read the OpenVPN manual.
  2. Once you’ve found it, open the file in an editing program like Notepad. Add: block-outside-dns to the bottom.
    How to manually edit your OpenVPN configuration file
  3. Rerun our leak test to check the leak is resolved and find any additional issues.

Update to the latest version of OpenVPN if you haven’t already. If your provider doesn’t support this or is using an older version of the protocol, it’s worth looking for a different VPN service.

Fortunately, most premium VPN services have their own solutions for tackling transparent proxies. For more details, contact your provider’s customer support service.

Disable Teredo

Teredo is a built-in feature of Windows operating systems designed by Microsoft to improve IPv4 and IPv6 compatibility.

Teredo helps IPv4 and IPv6 coexist by allowing IPv6 addresses to be transmitted and understood on IPv4 connections. However, because Teredo is a tunnelling protocol, it can sometimes take priority over your VPN’s encrypted tunnel, causing a DNS leak.

Teredo is easily disabled within the Windows operating system. Here’s how:

  1. Open Command Prompt and type netsh interface teredo set state disabled
    How to use Windows Command Prompt to disable Teredo
  2. Press the Enter key to disable Teredo.
  3. Redo our leak test to check the leak is resolved and find any additional issues.

You might experience occasional issues with certain websites or servers when Teredo is disabled. That said, it is a much more secure choice for VPN users.

How to Fix WebRTC Leaks

WebRTC leaks are primarily a browser issue. For that reason, fixing WebRTC leaks isn’t always as simple as just subscribing to a good VPN.

If your VPN does offer a ‘Disable WebRTC’ feature — like ExpressVPN or Perfect Privacy — be sure to enable it. Remember that most WebRTC blocking features are found in VPN browser extensions rather than the desktop application.

If you are finding WebRTC leaks and your VPN doesn’t offer an option to block it, you will need to disable WebRTC in your browser settings.

Here’s how to disable WebRTC in some of the most popular desktop web browsers:

To Disable WebRTC in Google Chrome or Microsoft Edge:

You cannot disable WebRTC directly within Google Chrome or Microsoft Edge. We advise that you either use a different browser or install an extension that does it for you. Our favorites are WebRTC Leak Prevent (click here for Chrome) and uBlock Origin (click here for Chrome or here for Edge).

These aren’t always 100% effective, so using a browser that allows you to disable WebRTC is recommended. You can find our recommended browsers for privacy here.

To Disable WebRTC in Mozilla Firefox:

  1. Type about:config into your address bar and press Enter. Click the Show All button.
    How to see all the advanced options in Firefox
  2. Toggle media.peerconnection.enabled to false.
    The WebRTC menu option in Firefox
  3. To disable media devices, toggle media.navigator.enabled to false.
    The second WebRTC option in Firefox
  4. Perform a VPN leak test to make sure the issue is resolved.

To Disable WebRTC in Apple Safari:

  1. Click Safari then Preferences.
    Where to find the Preferences menu in Safari
  2. Click on the Advanced tab, then check the box labeled Show Develop menu in menu bar.
    How to enable the Develop menu in Apple Safari
  3. Click on Develop in the menu bar. Under the WebRTC dropdown option uncheck Enable 2Legacy WebRTC API. If this option is grayed out for you then everything is fine and you’re all set.
    How to disable WebRTS in Safari
  4. Try our VPN leak test tool again to make sure the issue is resolved.

To Disable WebRTC in Opera:

  1. Type about:config into your address bar and press Enter.
  2. Go to Settings > Advanced > Privacy & security. Scroll down until you see WebRTC and check Disable non-proxied UDP and save your changes.
    The WebRTC settings menu in Opera browser
  3. Revisit our VPN leak test tool to make sure the issue is resolved.

To Disable WebRTC in Brave:

  1. Open the menu in the top-right-hand corner and click Settings > Shields > Fingerprinting Blocking and then select Strict, may break sites. If you do find it adversely affecting any sites you commonly use and trust then you can revert it to the Standard setting.
    How to block fingerprinting in Brave browser
  2. Now in the left-hand menu click Additional Settings > Privacy and security and change the dropdown menu option next to WebRTC IP Handling Policy to Disable Non-Proxied UDP.
    How to disable WebRTC in Brave browser
  3. Retry a VPN leak test to make sure the issue is resolved.

How to Fix HTML5 Geolocation Leaks

If your real location is still visible on the map then there are two possibilities. One is that your real IPv4 or IPv6 address is still leaking. Please follow the steps outlined above in order to fix this.

If the problem persists, then it is likely that HTML5 geolocation is revealing your true location. This can happen as it uses techniques for determining your location that can’t be protected by a VPN. For example it can detect WiFi hotspots near you or use cellular data to triangulate your longitude and latitude. It can also look at local information from your router.

To fix these location leaks you need to disable HTML5 geolocation in your browser, or use the ExpressVPN browser extension, which has built-in HTML5 geoleak protection.

To disable HTML5 geolocation in Google Chrome:

  1. Click on the menu button in the top right-hand corner of Chrome, then click Settings.
    The main menu in Google Chrome
  2. Scroll down to the Privacy and security section and click Site settings.
    The privacy and security menu in Chrome
  3. Scroll down to Permissions and click on Location.
    The location permissions menu in Chrome
  4. Ensure that Ask before accessing (recommended) is toggled to on.
    How to toggle HTML5 geolocation access in Chrome

This won’t disable it entirely but will instead give you the choice of enabling or disabling HTML5 geolocation for each individual website you visit.

To disable HTML5 geolocation in in Mozilla Firefox:

  1. Open Firefox and type about:config into the address bar and press Enter. Click the button labeled Show All.
    How to see all the advanced options in Firefox
  2. Type geo.enabled into the search bar and press Enter.
  3. A bar will appear labeled geo.enabled. Double-click it so that it now says false.
    The menu toggle for HTML5 geolocation in Firefox

To disable HTML5 geolocation in Apple Safari:

  1. Click the Safari menu button in the top left-hand corner, then click Preferences.
    Where to find the Preferences menu in Safari
  2. Click on the Privacy tab, then next to Website Tracking check the box labeled Prevent Cross-site tracking.
    How to prevent tracking in Safari

To disable HTML5 geolocation in Microsoft Edge:

  1. On your Windows PC press Win + A. This will open up the Action Center on the right-hand side of your screen
  2. Right click on Location and then click Go to Settings.
    The Windows Action Centre Location item
  3. Scroll down to the Allow apps to access your location section and change the slider to the Off position.
    How to toggle your location access settings in Windows 10
  4. Scroll down further to the Location history section and click Clear.
    How to clear the location history on your Windows 10 device

To disable HTML5 geolocation in Opera:

  1. Open Opera and type about:config into the address bar and press Enter.
  2. Click Advanced in the left-hand menu, then click Privacy & security.
    How to access site settings in Opera
  3. Click Site Settings then Location.
    The HTML5 geolocation menu item in Opera
  4. Toggle the slider next to Ask before accessing (recommended) to Off.
    The location toggle in Opera browser

Once you’ve carried out whichever steps are relevant for you and your browser, make sure you clear the cache, cookies, and history.

How to Disable Flash

Flash is outdated, a security risk, and will soon be completely removed from all popular browsers. If our test has told you that Flash is still enabled in your browser, follow these steps to disable it.

To Disable Flash in Google Chrome:

  1. Open the menu, then navigate to Settings > Privacy and security > Flash.
    How to access Flash settings in Chrome
  2. Check that the toggle is in the left-hand position: Block sites from running Flash.
    The toggle to disable Flash in Chrome

To Disable Flash in Mozilla Firefox:

  1. Open the menu and select Add-ons > Plugins.
    The Mozilla Firefox plugins menu
  2. Look for Shockwave Flash and select Options.
  3. At the bottom of the next screen, check the box next to Enable Adobe Flash protected mode.

If you have only recently installed the browser for the first time then Shockwave Flash may not actually be listed as a plugin. In this case, you have nothing to worry about and can ignore steps two and three.

To Disable Flash in Microsoft Edge:

  1. Open the menu and click Settings, then click Cookies and site permissions.
    The main menu in Microsoft Edge browser
  2. Click on the option labeled Adobe Flash.
    The Adobe Flash menu item in Edge
  3. Toggle the switch under Use Adobe Flash Player to the Off position.
    How to toggle Flash in Edge

To Disable Flash in Apple Safari:

Flash is now disabled by default in Safari – you don’t need to do anything.

To Disable Flash in Opera:

  1. Copy and paste opera://settings/content/flash?search=flash into the search bar, then hit Enter.
  2. Make sure that the toggle next to Allow sites to run Flash is set to Off.
    How to toggle Flash in Opera browser

There are plenty of security flaws that arise from having Flash enabled, including the potential exposure of your IP address, so be sure to leave it disabled.

How to Fix a Data Center IP

If your IP address has been identified as belonging to a data center, that almost certainly means that your VPN is running. This type of leak won’t necessarily expose your identity, but it will reveal the fact you’re using a VPN.

IP addresses can be identified by the type of connection they’re used for. Your standard home or mobile connection will be labelled as a residential IP address, as you’re a normal person using a normal amount of data.

IP addresses belonging to data centers are easy to identify due to the huge amounts of data that flow to and from them at all times of day. Most VPN IP addresses will fall into this category.

To fix this, simply turn off your VPN or proxy.

How to Fix Torrent IP Leaks (TCP & UDP)

If you use a VPN while torrenting then you need to make sure that your BitTorrent client isn’t leaking your IP address. This is something that can happen even if your VPN is working as intended with other apps and web browsing.

A torrent IP leak can occur from two sources: TCP and UDP. These are the two protocols used when you download a file via torrent, and they can each be fixed in their own unique way.

How to Fix a Torrent TCP IP Leak

Solution 1: Restart your BitTorrent client and re-add the magnet file

One of the most common causes of IP leaks when torrenting is beginning the torrent before connecting to a VPN server. Remove any torrents, close your BitTorrent client, and connect to a VPN server. Re-add the magnet files and retake our test once the VPN is connected and running.

Solution 2: Disable IPv6 or enable IPv6 protection

Some VPNs may only protect IPv4. In this instance, if you have an IPv6 address it can leak.

If your VPN has an option named something like ‘IPv6 Protection’ ensure that it is enabled. Similarly, if it has an option named ‘Disable IPv6’, try that. This will block all IPv6 connections, preventing any possible leaks.

Solution 3: Deactivate any proxy settings in the BitTorrent client

If your BitTorrent client is set to proxy via another device on your local network and that machine isn’t protected by your VPN then there is a chance that your IP address could leak.

Disable the proxy and retake our test – you can usually find proxy settings within your BitTorrent client’s connection settings menu.

How to Fix a Torrent UDP IP Leak

UDP leaks are highly uncommon, and all of the above solutions for a TCP IP address torrenting leak can also be applied to fixing UDP IP address torrenting leaks.

While unlikely, there is one other scenario in which your VPN could be leaking your IP address via UDP, and that is that your VPN does not support it. In this instance there is nothing you can do other than change to a more competent VPN. We’ve listed our best VPNs for torrenting here.

How to Fix Torrent DNS Leaks

If you experience a DNS leak while torrenting using a VPN, there is an easy solution you can try to fix it.

Before you attempt this solution, make sure that your VPN is running and connected to a server before you open up your BitTorrent client and before you add any torrent magnet files. It’s possible that your client could still use your ISP’s DNS if not.

You should also check that, if it has the option, your VPN is set to use first-party DNS servers. Once you’ve done so, you can attempt to fix the leak by changing your device’s DNS settings.

How to change your default DNS server to a public DNS server

By default your device will use your ISP’s DNS servers to resolve DNS requests (even those coming from your BitTorrent client). This can result in your ISP identifying the torrent you are downloading. By switching to a public DNS server you can prevent this – we explain how further up the page.

It’s also vital that you still use your VPN while torrenting, even if you follow the above steps.

Preventing VPN Leaks

Once you’ve tested your VPN and fixed any leaks you may have found, it’s worthwhile taking some steps to minimize your chances of leaking data in the future.

To begin with, make sure that you’ve followed any relevant steps outlined above. This includes making sure your VPN blocks or supports IPv6 traffic, disabling Teredo, and if necessary, changing your settings to an independent DNS server.

Afterwards, consider the following steps to reduce your chances of VPN leaks:

1Block non-VPN traffic

Some VPN clients include a feature to automatically block any traffic travelling outside the VPN tunnel — often called IP-binding. If your provider has this option, make sure to enable it.

Alternatively, you can configure your firewall to only allow traffic sent and received via your VPN. You can find instructions for the Windows Firewall here, and for Mac here.

2Invest in VPN monitoring software

VPN monitoring software allows you to inspect your network traffic in real time. This means you can check for suspicious traffic and see if a DNS request is sent to the wrong server. Some variations also offer tools for automatically solving DNS leaks.

This software is rarely free, so will add an extra expense on top of your existing VPN subscription. Examples of VPN monitoring software include PRTG Network Monitor and Opsview Monitor.

3Use a different VPN

The perfect VPN will have IPv6 compatibility, DNS and WebRTC leak protection, the latest version of OpenVPN and the ability to bypass transparent DNS proxies.

A VPN kill-switch is another critical part of your VPN client. It will continuously monitor your network connection and make sure that your true IP address is never exposed in the event of a dropped connection.

If you’re repeatedly suffering from data leaks with your existing provider, you should consider investing in a more reliable VPN service.

About the Author


  • JP Jones - CTO @ Top10VPN

    JP Jones

    JP is our CTO. He has over 25 years of software engineering and networking experience, and oversees all technical aspects of our VPN testing process. Read full bio