How to Verify Your VPN Is Working (Leak Tests)
7 min · Updated July 13, 2026
A VPN can show “Connected” while quietly leaking your real IP through WebRTC or sending DNS queries straight to your ISP. This guide walks through each major leak type, how to test for it with free third-party tools, and how to tell a real leak from a false positive.
Step 1: Check your IP before and after connecting
The baseline test:
- Disconnect the VPN and visit any “what is my IP” site. Note your real IP and location.
- Connect to OmnixVPN.
- Refresh the page. You should now see the VPN server’s IP and location.
If your real IP still shows, the VPN isn’t routing your browser. Confirm the app actually shows connected, then check per-app routing; a browser sitting in a bypass rule is the most common cause.
Step 2: Run a DNS leak test
DNS is where your device translates domain names into addresses. If those queries bypass the tunnel, your ISP still sees every site you visit, even with your IP hidden.
While connected, visit dnsleaktest.com and run the extended test. Only resolvers belonging to the VPN should appear. If servers labeled with your ISP’s name show up, work through these fixes:
- Check your browser’s secure DNS setting; a pinned DNS-over-HTTPS provider overrides the tunnel.
- Check for manual DNS overrides: System Settings → Network → DNS on macOS, or the adapter’s DNS settings on Windows.
- Disconnect and reconnect, then retest. If the leak persists, contact support.
Step 3: Test for WebRTC leaks
WebRTC is a browser feature that can reveal your real IP through JavaScript even when the tunnel is working for everything else.
While connected, visit browserleaks.com/webrtc or ipleak.net and check the addresses shown. Addresses like 192.168.x.x or 10.x.x.x are your local network, not a leak. Your real public IP appearing is a leak. To fix one:
- Chrome: install uBlock Origin and enable “Prevent WebRTC from leaking local IP addresses”
- Firefox: in about:config, set
media.peerconnection.enabledtofalse - Brave: Settings → Privacy and security → WebRTC IP Handling Policy → “Disable non-proxied UDP”
Step 4: Check what happens when the connection drops
Every VPN connection drops occasionally: network switches, sleep/wake cycles, weak Wi-Fi. It’s worth knowing how your device behaves in that gap:
- Connect the VPN and start a continuous ping (
ping -t 8.8.8.8on Windows,ping 8.8.8.8on macOS). - Disable your Wi-Fi adapter in the OS network settings, not in the VPN app.
- Re-enable it and watch the ping resume.
If traffic flows again before the VPN finishes reconnecting, that window uses your real IP. Enable auto-reconnect in the app, and after any unexpected drop, wait for the connected status before resuming sensitive activity.
Step 5: Interpret your results
Common false positives:
- Private addresses (192.168.x.x, 10.x.x.x, 172.16-31.x.x) in WebRTC results. They don’t reveal location or identity.
- VPN DNS server IPs that differ from your exit server’s IP. Providers typically run DNS on separate machines.
- An IPv6 address you don’t recognize. If it isn’t the VPN’s, your ISP’s IPv6 path may be bypassing the tunnel; disable IPv6 in your OS network settings or ask support.
Real leaks: your ISP’s name appearing in DNS results, or the exact real IP you noted in step 1 appearing in an IP or WebRTC test.
Common mistakes
- Testing only your IP. DNS leaks are more common and much easier to miss.
- Testing from a browser that’s in your per-app bypass list; those results show your real connection by design.
- Assuming one clean test lasts forever. Retest after major OS or app updates, which can reset network settings.
Frequently asked questions
How often should I run leak tests?
Run the full set after installing or updating the VPN app, after major OS updates, and the first time you connect on a new type of network, such as hotel or corporate Wi-Fi. A complete round takes under five minutes with free tools.
Which testing tools should I use?
Use dnsleaktest.com for DNS and ipleak.net or browserleaks.com for a combined IP, DNS, and WebRTC check. All are free, run in the browser, and are independent of any VPN provider, so the results aren’t marketing.
Everything tests clean but I still feel exposed. Now what?
Trust the tests: if IP, DNS, and WebRTC results show only VPN infrastructure, the tunnel is doing its job. Remaining exposure usually comes from things a VPN can’t fix (logged-in accounts, browser fingerprinting, tracking cookies), which need separate tools.