Which VPNs Leak Your Data? IP, DNS & WebRTC Leaks Explained (90+ Tested)

JP Jones - CTO @ Top10VPN

JP is our CTO and with over 25 years of software engineering and networking experience oversees all technical aspects of our VPN testing process. Read full bio

VPN leaks can expose your IP address and activity to anyone viewing your connection. Unless you know how to detect them, you may never know they’re happening. Find out which VPNs leak and how to test for leaks in this complete guide to VPN leaks.

Illustration of two characters trying to fix a leaking pipe.

Many VPN services that claim to protect your privacy are in fact leaking your IP address, DNS requests, and browsing history without you even knowing it.

Your VPN connection might seem safe: there are no notifications or errors, your provider has a strict no-logging policy, a great jurisdiction, and super-fast speeds. But your internet service provider (ISP), government, and anyone else looking at your traffic can still see absolutely everything you do online.

Unless you know how to detect these leaks, you might never find out that your VPN is leaking.

One study of free VPN applications found that over 80% of the VPNs tested leaked their users’ IP address. Our own study has confirmed that 25% of the most popular free Android VPN apps fail to protect users due to DNS and other leaks.

There is no room for error with VPN leaks: just one leaked data packet is enough to reveal your identity and activity to anyone viewing your connection

Which VPNs are actually worth your trust?

We tested 90 of the most popular VPN providers on the market for data leaks. Our research revealed that a significant number of widely-downloaded VPNs leak some kind of user data through DNS or WebRTC:

  • 19% leak user data in some form.
  • 16% leak DNS requests.
  • 6% leak your IP address through WebRTC.

We found leaks in as many as 17 of the 90 VPNs we’ve reviewed. That’s 19% of the ‘best’ VPNs on the market. For a list of all 90 VPNs and the data they leak, take a look at our VPN Leaks Comparison Table.

Fortunately, testing your VPN for leaks is quick and simple. In this guide we’ll explain exactly what VPN leaks are, how to test your VPN for leaks, and how to prevent VPN leaks in the future.

What Is a VPN Leak?

A VPN leak occurs when data that your VPN is supposed to protect — your IP address, DNS requests, and location, for example — is transmitted outside of the encrypted VPN tunnel.

VPN leaks allow your ISP, government, and any other third party monitoring your connection to determine your identity and activity.

Illustration of four types of VPN Leak

Most users will download a VPN to protect their online privacy and hide their true IP address. For this reason, a leaking VPN is fundamentally useless.

Here is a summary of the four main types of VPN leak:

  • IP Address leaks: IP leaks occur when your VPN fails to mask your personal IP address with one of its own. This is a significant privacy risk as your ISP and any websites you visit will be able to link your activity to your identity. For more information on IP leaks, skip to the section below.
  • DNS leaks: A VPN is supposed to route your DNS requests to its own DNS servers. If your VPN routes these requests to your ISP’s DNS servers instead, it’s called a DNS leak. This exposes your browsing activity and any websites you visit to any other eavesdroppers. You can find out more about DNS leaks here.
  • WebRTC leaks: WebRTC is a browser-based technology that allows audio and video communications to work inside web pages. WebRTC has clever ways of discovering your true IP address even if a VPN is on. The best VPNs block WebRTC requests. Alternatively, you can disable WebRTC completely at the browser level.

  • IPv6 leaks: IPv6 is a new form of IP address that is not currently supported by most VPNs. Unless a VPN supports or actively blocks IPv6, your personal IPv6 address can be exposed if you’re on an IPv6-enabled network. You can read more about IPv6 leaks here.

Why Is My VPN Leaking?

You undoubtedly want to keep your identity and activity private, so VPN providers market themselves accordingly. The truth is, however, that most VPN protocols were not actually designed with privacy in mind.

By default, most VPN protocols share reveal queries to default DNS servers. They leak IPv4 traffic when forced to reconnect, and they are usually completely oblivious to IPv6 traffic. Only the VPNs specifically developed to offset these problems will offer you protection.

Without proper protections your VPN can leak if:

  1. There is an interruption in network connectivity.
  2. You’re using WiFi and switch to a different network.
  3. You connect to a network that is fully IPv6 capable.
  4. Your DNS requests are sent outside of the encrypted VPN tunnel.
  5. You are using a VPN service or browser that does not provide adequate WebRTC protections.

We’ll now cover the different types of leak in detail. To find out which VPNs leak you can skip straight to our VPN Leaks Comparison Table. Alternatively, you can find out how to properly protect yourself from VPN leaks in the last chapter of this guide.

1What Is an IP Address Leak?

IP addresses are unique identifiers that are assigned to devices on a network. For the public internet, your ISP assigns an IP address to your network router, which all of your devices then connect to.

An IP leak happens when your VPN fails to mask your true IP address with one of its own, leaving your identity open and visible to all of the websites you visit.

IP address leak diagram

IP leaks occur when your device contacts the default server rather than the intermediary VPN server it was supposed to. This means that the websites or apps you’re using can see your real IP address instead of the one your VPN has assigned you.

If your IP address is leaking then your VPN is simply not doing its job. Your privacy is not protected and your online location remains the same, rendering the service essentially worthless.

If this is happening, you’ll need to choose a new VPN provider. You can find our recommendations for 2020 here.

2What Is a DNS Leak?

The Domain Name System (DNS) is responsible for translating URLs and domain names (like example.com) into actual IP addresses to connect to. In short, it ‘translates’ the numerical names of web servers into memorable words, and vice versa.

When you enter a URL into your browser to connect to a website, you first contact a DNS server which requests the IP address of that website. The server then sends your browser the ‘directions’ to the website you’re looking for.

If you’re not connected to a VPN, this process is carried out by your ISP’s DNS servers. This is a serious problem for privacy. Your DNS requests are essentially plain text records of the websites you visit. More often than not, ISPs will store these requests along with the IP addresses that make them.

If you live in the US, your DNS data might be shared with third parties or sold to advertising companies. In countries like the UK, Australia, and parts of Europe, this data is stored for several years and shared with authorities upon request.

When you connect to a functioning VPN, your device will use the DNS servers operated by the VPN service rather than your ISP. All of the traffic coming from your device, including your DNS requests, will be routed through the VPN network. This stops your ISP from seeing the websites you visit.

When DNS requests travel outside of the encrypted VPN tunnel to an unsecured DNS server instead, it’s called a DNS leak.

DNS Leak Diagram

DNS leaks expose your browsing habits to your ISP and any eavesdroppers, allowing them to log the websites you visit, files you download, and the apps you use. Anyone else viewing your connection will also see the location and IP address of your ISP.

Many VPNs provide inadequate DNS leak protection. Often, your DNS requests continue to route through your ISP’s servers, exposing the websites you visit

Your system might revert to unsecured DNS servers if your VPN is manually configured, you have changed your computer’s settings, or your VPN provider doesn’t provide adequate technical protection against leaks.

DNS leaks defeat the object of using a VPN. The content of your web traffic is still hidden by the VPN’s encryption, but your location and the websites you visit are left exposed and most likely recorded by your ISP. For more information, you can skip to How to Fix DNS Leaks.

3What Is a WebRTC Leak?

WebRTC leaks occur when your true IP address is exposed via your browser’s WebRTC functionality. These leaks can identify you even if your VPN is working correctly.

WebRTC stands for ‘Web Real-Time Communication’. It is a group of technologies that enable browsers to communicate directly with each other without an intermediate server. This allows for much faster speeds when using audio, video, and live streaming within your browser.

Two devices communicating directly via WebRTC need to know each others’ IP address. This means a website can exploit your browser’s WebRTC functionality to capture your true IP address, which could be used to identify you.

WebRTC Leaks Diagram

Efficient IP sharing is supposed to provide convenience and speed, so WebRTC uses several clever techniques to figure out your true IP address and bypass any obstacles that might prevent your real-time connection from taking place. Put simply, it allows browsers to gather your IP address simply by reading it off your device.

While often discussed in relation to VPN services, WebRTC leaks aren’t really flaws within your VPN or your browser — they are simply part of your browser’s design

In short, any site could execute a few Javascript commands to obtain your real IP address through your web browser, regardless of your VPN connection.

Chrome, Opera, Firefox, and Microsoft Edge are most susceptible to WebRTC leaks because they have WebRTC functionality enabled automatically.

We’ve also seen several VPN browser extensions suffer WebRTC leaks in Firefox since the browser’s latest update.

While any IP address leaks threaten your privacy and anonymity, WebRTC leaks are particularly worrying because they are so easily overlooked. In addition, not every VPN provider can protect you.

WebRTC leaks highlight a very important concept for those seeking privacy and anonymity online: the browser is usually the weak link. Luckily, there are some simple steps that can safeguard you against this problem.

For more information on how to disable WebRTC to prevent leaks, skip to the last chapter of this guide.

4What Is an IPv6 Leak?

IPv6 stands for ‘Internet Protocol version 6’. It is the most recent version of the Internet Protocol (IP) — otherwise known as the IP address — used to identify and locate computers on a network and route traffic across the internet.

IPv6 was designed to eventually replace IPv4 — the current and most widespread standard — after it became clear that IPv4 wasn’t going to be able to supply as many addresses as is needed.

IPv6 is being used by some networks and ISPs during the transition period from IPv4. Unless you have taken steps to disable it, you are probably sending and receiving IPv6 data every time you connect to the internet.

While IPv6 is the future, not all VPN providers currently support it, which leaves them vulnerable to leaks. Many VPNs only route IPv4 traffic through the encrypted VPN tunnel, leaving IPv6 traffic completely unprotected and sent to the open internet. This is called an IPv6 leak.

IPv6 Leak Diagram

IPv6 leaks are not uncommon. This is a serious problem, because IPv6 addresses are typically device-specific. With requisite authority, IPv6 data could be tied to your ISP, which could be readily used to identify you.

It’s important to choose a VPN service that provides a VPN-specific IPv6 address or blocks IPv6 traffic completely. If IPv6 traffic is not blocked, your VPN should provide an IPv6 DNS server that’s accessible only through the VPN tunnel.

For more information on how to prevent IPv6 leaks and to find out which VPNs offer IPv6 leak protection, you can skip straight to How to Fix IPv6 Leaks.

How to Test Your VPN for Leaks

Once you’ve set up your VPN application, it’s easy to turn it on and connect to the internet without any error messages. But how can you be sure that all of your traffic is actually being routed through the encrypted VPN tunnel?

To find out if your VPN is working as it should, there are two different levels of VPN leak test:

1Basic VPN Leak Test

You can run your own basic VPN leak test at home. It takes very little technical knowledge and you’ll be finished in a matter of minutes.

To conduct a basic test for VPN leaks, connect to your VPN and visit a test website. Here, you are testing to see how your VPN operates when your internet connection is stable and active.

You can try interrupting your connection in various ways to see how your provider copes with drops in network connectivity. This will detect any obvious issues, but it might not detect all leaks.

How to Test for IP, DNS, WebRTC, and IPv6 Leaks

To test your VPN for leaks:

  1. Visit a testing website like browserleaks.com and run the leak test when your VPN is disconnected. Note down your IP address and the address(es) of your ISP’s DNS servers.
  2. Before you connect to a VPN server, make sure to enable the VPN kill switch. This will prevent leaks during sudden VPN disconnections. Enable DNS, WebRTC, and IPv6 leak protection in your VPN application if possible.
  3. Connect to a VPN server and refresh the leak test page in your browser.
  4. If the VPN is working as it should, it will show a different figure for your true IP address and ISP’s DNS servers. You should be unable to see your Public IP address under ‘WebRTC Leak Test’, and unable to see your original IPv6 address.

The following screenshot shows a leak test of a PrivateVPN US Server. The red arrows mark the fields you should be paying attention to:

Screenshot of a browserleaks.com leak test.

Screenshot of browserleaks.com when connected to a PrivateVPN US server. No leaks were detected.

Your VPN is leaking if:

  • You can see your originating IP address or DNS servers.
  • You can see your true location, rather than the location of your VPN server.
  • You can see your originating IPv6 address.
  • You can see your public IP address under ‘WebRTC Leak Test’.

It’s important to note that the WebRTC leak test might show a local IP address. These local IPs are assigned to you by your router and are reused millions of times by routers across the world. If a third party collects this information, there is no way of linking it directly to you.

If you see a local IP address in the test results it is not a leak, nor is it a threat to your privacy. However, if you see your public IPv4 or IPv6 address under the WebRTC section, then this is indeed a WebRTC leak, as public IPs are highly specific to you.

VPN Testing Websites

Use the following testing sites to conduct a basic test for different types of leak:

If you’re looking to test for a certain type of leak, here’s a table of specific leak tests and the results you should get:

Leak Test Desired Result
IP Address Test IP address changes when VPN is connected.
IPv6 Address Test No IPv6 address detected, or IPv6 address changes when VPN is connected.
DNS Leak Test DNS server IP address(es) change when VPN is connected.
Java Test No Java plug-in found.
WebRTC Test Public IP address changes when VPN is connected.
Panopticlick (Browser Fingerprinting) Browser protects from fingerprinting. For more information, see our Guide to Private Browsers.

If your VPN has tested positive for leaks and you’d like to fix or prevent them, you can skip straight to our chapter on How to Fix VPN Leaks. If you’re still having trouble, it might be time to choose a new VPN provider.

2Advanced VPN Leak Test

It is possible to run more advanced VPN leak tests at home. While these tests will help you take a closer look at your VPN traffic, they will require significantly more technical knowledge.

How to Perform an Advanced VPN Leak Test

The best way to identify a leaking VPN is to use a testing suite. Once you’re set up, you can run a range of different tests to collect and inspect your VPN traffic.

Building a testing suite can be quite complex and will depend on the operating system you’re using. You can find free, open-source testing tools online on websites like GitHub.

ExpressVPN has an advanced testing suite used to check its apps for leaks. You can find this testing suite, along with a quick-start guide, available for free here.

Screenshot of ExpressVPN's VPN leak testing suite.

ExpressVPN’s open-source VPN leak testing tools.

Following ExpressVPN’s quick-start guide or one similar should reliably detect any leaks. If you don’t feel technically confident enough to follow their instructions, it’s sensible to choose a provider that has been independently reviewed and tested by a trusted third party.

If you’re seriously concerned about your online privacy and security, it’s wise to run some advanced tests with your VPN rather than relying solely on basic tests to detect any problems.

Which VPNs Leak Your Data? (90+ Tested)

illustration of two characters fixing a leaking server

We tested 90 of the most popular VPN services for data leaks.

Our research revealed that a significant number of VPNs leak some kind of user data through DNS or WebRTC:

  • 19% leak user data in some form.
  • 16% leak DNS requests.
  • 6% leak your IP address through WebRTC.

The following tables list all 90 VPNs and the specific types of data they leak. If you’re searching for a specific VPN, use Ctrl+F to find the provider you’re looking for.

If you’d like to skip these tables, you can jump straight to the next section on How to Fix VPN Leaks.

VPN Leak Tests 1-15

Provider Name SkyVPN AirVPN VPN 360 Buffered VPN Celo VPN Confirmed VPN Defence VPN FreeVPN.org Hidester VPN Hola Free VPN Mullvad VPN Proxy Master by HotspotVPN SuperVPN Free Yoga VPN Snap VPN
IP Leaks No No No No No No No No No No No No No No No
DNS Leaks No No No No No Yes Yes No No No No No No Yes No
WebRTC Leaks No No No No No No No No No Yes No No No No No

*Leak detected when using the VPN’s browser extension or other custom application.

VPN Leak Tests 16-30

Provider Name Psiphon ProXPN Strong VPN Surfshark SwitchVPN ThunderVPN TouchVPN Trust.Zone Norton Secure VPN VPN.ac VPN99 AceVPN Anonymous VPN #VPN Astrill
IP Leaks No No No No No No No No No No No No No No No
DNS Leaks No No No No No No No No No No Yes Yes No Yes No
WebRTC Leaks No No No No No No No Yes* No No No No No No No

*Leak detected when using the VPN’s browser extension or other custom application.

VPN Leak Tests 31-45

Provider Name Avast SecureLine VPN AVG Secure VPN Avira Phantom VPN AzireVPN Betternet Free VPN Bitdefender VPN BlackVPN BolehVPN CactusVPN CyberGhost DotVPN Encrypt.me ExpressVPN F-Secure Freedome FastestVPN
IP Leaks No No No No No No No No No No No No No No No
DNS Leaks No No No No Yes* Yes No No No No No No No No No
WebRTC Leaks No No No No Yes* No No No No No No No No No No

*Leak detected when using the VPN’s browser extension or other custom application.

VPN Leak Tests 46-60

Provider Name FrootVPN GooseVPN Hide.me HideMyAss! Hotspot Shield HotVPN ibVPN IPVanish Ivacy IVPN Kaspersky Secure Connection Le VPN McAfee Safe Connect NordVPN OneVPN
IP Leaks No No No No No No No No No No No No No No No
DNS Leaks No No No No No No No No No No No No Yes No No
WebRTC Leaks No No No No No No No No No No No No No No No

*Leak detected when using the VPN’s browser extension or other custom application.

VPN Leak Tests 61-75

Provider Name Perfect Privacy PersonalVPN Private Internet Access PrivateTunnel PrivateVPN ProtonVPN PureVPN SaferVPN Slick VPN mySteganos Online Shield SurfEasy TigerVPN TorGuard TunnelBear TurboVPN
IP Leaks No No No No No No No No No No No No No No No
DNS Leaks No No No No No No No No No No No Yes No No No
WebRTC Leaks No No No No No No No No No No No No No No No

*Leak detected when using the VPN’s browser extension or other custom application.

VPN Leak Tests 76-90

Provider Name VPN.ht VPNArea VPNBook VPNhub Free VPN Proxy Master VPNSecure VPNShazam KeepSolid VPN Unlimited VyprVPN Webroot WiFi Security Windscribe Zenmate ZoogVPN X-VPN ZPN Free
IP Leaks No No No No No No No No No No No No No No No
DNS Leaks Yes No Yes No No No Yes No No No No No No No Yes
WebRTC Leaks No No No No No No Yes No No No No No No Yes* No

*Leak detected when using the VPN’s browser extension or other custom application.

How to Fix VPN Leaks

Illustration of two characters fixing a leaking pipe

If you’ve tested your VPN and found that it is leaking your data, you can follow these simple instructions to try and fix the problem.

1How to Fix IP Address Leaks

If your true IP address is leaking and your location is visible then your VPN simply isn’t doing it’s job. Your device is contacting the default server rather than the intermediary VPN server it is supposed to.

Generally speaking, the only way to prevent IP leaks is to use a high-quality VPN.

Be sure to invest in a VPN that offers a kill switch. This feature will block your internet traffic if the internet connection suddenly drops, preventing your real IP address and other personal data from leaking while the VPN connection is down.

You can usually find the kill switch feature in the settings menu of the VPN application. For a list of VPNs with kill switches that don’t leak your data, take a look at our recommendations at the end of this guide.

2How to Fix DNS Leaks

Your VPN could be leaking DNS traffic for a number of reasons. Luckily, there are a few simple ways to fix the most common issues behind DNS leaks.

1. Choose a Trusted VPN Service

The most effective way to fix DNS leaks is to pick a trusted VPN service that maintains its own zero-log DNS servers. The VPN should force all traffic to go through these first-party servers rather than any third-party alternatives.

It’s important to remember that some VPN providers require you to ‘switch on’ the DNS leak protection feature within the application’s settings. This will force DNS requests to go through the VPN’s own DNS servers.

Here are three VPNs that use their own secure DNS servers:

2. Configure Your Network to a Trusted DNS Server

When you connect to a new network you are automatically assigned a ‘default’ DNS server to resolve your DNS requests. If you connect to a VPN without the appropriate technical protections, your DNS requests can bypass the encrypted tunnel and forward to the default server, causing a DNS leak.

Many VPN providers have their own DNS servers that they will automatically connect to. In this case, the VPN application will usually be configured to use these servers by default, forcing your DNS requests through the VPN tunnel.

However, not all VPN providers have their own DNS servers. If you don’t want to switch VPN providers, you’ll need to use a third-party DNS server such as Google Public DNS or OpenDNS to allow your requests to go through the VPN rather than directly from your local network.

If you can’t set your VPN to automatically connect to the correct DNS server, you may have to manually connect to your preferred third-party DNS server. To do this, you will need to change your DNS settings.

To change your DNS Settings on Windows:

  1. Go to your control panel.
  2. Click Network and Internet.
  3. Click Network and Sharing Center.
  4. Click Change Adapter Settings on the left-hand panel.
  5. Right-click on the icon for your network and select Properties.
  6. Locate Internet Protocol Version 4 in the window that opens; click it, then click Properties.
  7. Click Use the following DNS server addresses.

    Screenshot of windows settings to change the default DNS server.

  8. Enter your preferred DNS server address. For Google Open DNS, the preferred DNS server should be, while the alternative DNS server should be You can find a list of alternative DNS options here.

3. Update Your OpenVPN Version

Some ISPs use a transparent DNS proxy – a ‘middleman’ that captures and redirects web traffic – to make sure your requests are sent to their own servers.

Transparent DNS proxies effectively ‘force’ a DNS leak without notifying the user. Luckily, most leak detection websites and online tools will be able to identify a transparent DNS proxy in the same way as a normal DNS leak.

The latest versions of the OpenVPN protocol have a simple method to tackle this problem:

  1. Find the ‘.ovpn’ or ‘.conf’ file for the server you’re trying to connect to. These files will be stored in folders on your machine, usually in ‘C:\Program Files\OpenVPN\’. For more information, read the OpenVPN manual.
  2. Once you’ve found it, open the file in an editing program like Notepad. Add: “block-outside-dns” to the bottom.

Update to the latest version of OpenVPN if you haven’t already. If your provider doesn’t support this or is using an older version of the protocol, it’s worth looking for a different VPN service.

Fortunately, most premium VPN services have their own solutions for tackling transparent proxies. For more details, contact your provider’s customer support service.

4. Change Your Windows Settings

Since the introduction of Windows 8, all Windows systems have the “Smart Multi-Homed Name Resolution” feature enabled by default. This feature sends out your DNS requests to every available DNS server — even with a VPN — and is designed to improve your web browsing speeds.

Any computers running Windows 10 or later will accept a response from the fastest DNS server to respond, regardless of who it belongs to. This greatly increases the incidence of DNS leaks.

This feature is an integral part of the Windows operating system and is therefore very difficult to change. If you’re using a Home Edition of Windows, Microsoft simply doesn’t allow you to turn off this feature.

If you’re using the OpenVPN protocol on Windows, you can find a free open-source plugin on GitHub to help solve this problem.

5. Disable Teredo

Teredo is another built-in feature of Windows operating systems designed by Microsoft to improve IPv4 and IPv6 compatibility.

Teredo helps IPv4 and IPv6 coexist by allowing IPv6 addresses to be transmitted and understood on IPv4 connections. However, because Teredo is a tunnelling protocol, it can sometimes take priority over your VPN’s encrypted tunnel, causing a DNS leak.

Teredo is easily disabled within the Windows operating system. Open command prompt and type: netsh interface teredo set state disabled

You can then press the Enter key to disable Teredo.

Screenshot of Windows command to disable Teredo.

How to disable Teredo on a Windows computer.

You might experience occasional issues with certain websites or servers when Teredo is disabled. That said, it is a much more secure choice for VPN users.

3How to Fix WebRTC Leaks

WebRTC leaks are primarily a browser issue. For that reason, fixing WebRTC leaks isn’t as simple as just subscribing to a good VPN.

If your VPN does offer a ‘Disable WebRTC’ feature — like ExpressVPN or Perfect Privacy — be sure to enable it. Remember that most WebRTC blocking features are found in VPN browser extensions rather than the desktop application.

If you are finding WebRTC leaks and your VPN doesn’t offer an option to block it, you will need to disable WebRTC in your browser settings.

Certain browsers like Google Chrome will not allow you to disable WebRTC. In this case, you will have to use a browser add-on or extension like WebRTC leak prevent or uBlock Origin. These aren’t always 100% effective, so using a browser that allows you to disable WebRTC is recommended. You can find our recommended browsers for privacy here.

Google Chrome does not give you the option to disable WebRTC. To protect your IP address from leaking, you can use the official extension WebRTC Network Limiter.

The steps to disabling WebRTC functionality will depend on the browser you’re using. Follow these simple instructions, or skip to our next chapter on How to Prevent VPN Leaks.

To Disable WebRTC in Firefox:

  1. Type about:config into your address bar and press Enter.
  2. Toggle media.peerconnection.enabled to false.
  3. To disable media devices, toggle media.navigator.enabled to false.
  4. Screenshot of Firefox settings to disable WebRTC.

    How to disable WebRTC in the Firefox browser.

Changing these settings completely disables WebRTC in Firefox, which should stop your real IP address from leaking.

To Disable WebRTC in Brave:

  1. Go to Preferences > Shields > Fingerprinting Protection > and then select Block all fingerprinting. This should take care of all WebRTC issues on desktop versions of Brave.
  2. Go to Preferences > Security > WebRTC IP Handling Policy > and then select Disable Non-Proxied UDP.
To Disable WebRTC in Safari:

  1. Go to Safari Preferences.
  2. Click on the Advanced tab.
  3. Check the box Show Develop menu in menu bar.
  4. Click on Develop in the menu bar. Under the WebRTC dropdown option uncheck Enable Legacy WebRTC API.
  5. Screenshot of Safari settings to disable WebRTC.

    How to disable WebRTC in the Safari browser.

4How to Fix IPv6 Leaks

If your VPN provider has full support for IPv6 traffic, then IPv6 leaks shouldn’t be an issue. These services will have implemented custom code to prevent IPv6 traffic from travelling outside the VPN tunnel.

Some VPNs without IPv6 support will instead have the option to block IPv6 traffic. NordVPN is an example of a popular provider that does this.

The majority of VPNs, however, will have no provisions for IPv6 at all and will therefore always leak IPv6 traffic.

If your VPN does not support IPv6 traffic and doesn’t give you the option to block it completely, you can disable IPv6 at the router or OS level:

To Disable IPv6 on Windows 10:

  1. Open the Network and Sharing Center from your computer’s settings.
  2. Select Change Adapter Settings.
  3. Right-click on the first local area connection you see in this window, and click Properties.
  4. Under General, uncheck the option Internet Protocol version 6 (IPv6).
  5. Apply these changes and repeat for any remaining network connections.
  6. Reboot your computer for these changes to take effect.

You can find out how to disable IPv6 on earlier versions of Windows here.

To Disable IPv6 on Mac OS:

  1. Open your system preferences and click on Network.
  2. Select your active WiFi or Ethernet network and click Advanced.
  3. Choose the TCP/IP tab.
  4. Toggle the Configure IPv6 menu and set it to Off.
  5. Click on OK to apply these changes and restart your computer.

Which VPNs Support IPv6?

Some VPN provider’s prevent IPv6 leaks by blocking IPv6 traffic altogether. These include:

While some VPNs block IPv6 traffic, others provide complete IPv6 support by assigning users both an IPv4 and IPv6 address. These include:

How to Prevent VPN Leaks

Once you’ve tested your VPN and fixed any leaks you may have found, it’s worthwhile taking some steps to minimize your chances of leaking data in the future.

To begin with, make sure that you’ve followed any relevant steps outlined in How to Fix VPN Leaks. This includes making sure your VPN blocks or supports IPv6 traffic, disabling Smart Multi-Homed Name Resolution and Teredo, and if necessary, changing your settings to an independent DNS server.

Afterwards, consider the following steps to reduce your chances of VPN leaks:

1 Block Non-VPN Traffic

Some VPN clients include a feature to automatically block any traffic travelling outside the VPN tunnel — often called IP-binding. If your provider has this option, make sure to enable it.

Alternatively, you can configure your firewall to only allow traffic sent and received via your VPN. You can find instructions for the Windows Firewall here, and for Mac here.

2 Invest in VPN Monitoring Software

VPN monitoring software allows you to inspect your network traffic in real time. This means you can check for suspicious traffic and see if a DNS request is sent to the wrong server. Some variations also offer tools for automatically solving DNS leaks.

This software is rarely free, so will add an extra expense on top of your existing VPN subscription. Examples of VPN monitoring software include PRTG Network Monitor and Opsview Monitor.

3Use a Different VPN

The perfect VPN will have IPv6 compatibility, DNS leak protection, the latest version of OpenVPN and the ability to bypass transparent DNS proxies.

A VPN kill-switch is another critical part of your VPN client. It will continuously monitor your network connection and make sure that your true IP address is never exposed in the event of a dropped connection.

If you’re consistently suffering from data leaks with your current provider, consider subscribing to a better VPN service.

Verified No-Leak VPN Services

Investing in a reliable and high-quality VPN is the simplest and most important decision you can make if you’re concerned about data leaks. If you’re looking for an all-round premium VPN, you can find our latest VPN recommendations here.

The following VPN services will reliably protect you against leaks in every scenario. This includes reconnections and interruptions, transparent DNS proxies, IPv6-enabled networks and VPN crashes.

  • ExpressVPN: Provides a range of leak protection settings and a wide selection of applications for different devices. When configured correctly, ExpressVPN blocks all IPv6 traffic.
  • Mullvad VPN: MullvadVPN offers advanced leak protection settings along with full IPv6 support.

Whichever VPN you choose, it’s sensible to regularly test your provider for leaks and other issues, especially after any updates.

About the Author

  • JP Jones - CTO @ Top10VPN

    JP Jones

    JP is our CTO and with over 25 years of software engineering and networking experience oversees all technical aspects of our VPN testing process. Read full bio