How to Test If Your VPN Is Actually Working — Step by Step
Why You Need to Test Your VPN
Connecting to a VPN and seeing the "Connected" badge is not enough. VPNs can leak your real IP address through DNS queries, WebRTC browser features, or misconfigured kill switches — all while showing a green checkmark in the app. These leaks silently expose your location, your ISP, and your browsing habits to anyone watching.
This tutorial walks you through seven concrete tests to verify your VPN is doing its job. Each step takes under a minute, and the entire process can be done from your browser.
Step 1: Connect to Your VPN
Open your VPN app and connect to any server. For the most realistic test, choose a server in a different country from your physical location. This makes it obvious whether your IP has actually changed.
Wait a few seconds after the app shows "Connected" before proceeding — some VPN protocols take a moment to fully establish the encrypted tunnel.
What to note: Write down or remember the country and city of the server you connected to. You'll need this to verify your test results.
Step 2: Check Your IP Address at ipleak.net
Open your browser and go to ipleak.net. The page loads automatically and shows your detected IP address at the top.
What passing looks like: The IP address shown should belong to your VPN server's location, not your real location. If you connected to a server in Amsterdam, the IP should geolocate to the Netherlands.
What failing looks like: If you see your real home IP address or your actual city/ISP name, your VPN connection is not working. Disconnect, reconnect, and test again. If the problem persists, switch VPN protocols (try NordLynx or WireGuard) and retest.
Step 3: Check the DNS Leak Section
Scroll down on ipleak.net to the DNS Address Detection section. This shows which DNS servers your device is using to resolve domain names.
What passing looks like: The DNS servers should belong to your VPN provider or be located in the same country as your VPN server. For example, if you use NordVPN, you might see DNS servers operated by NordVPN or by a hosting provider in the server's country.
What failing looks like: If you see DNS servers belonging to your ISP (like Telenor, Comcast, BT, etc.), you have a DNS leak. Your ISP can see every website you visit, even though your traffic is encrypted.
How to fix a DNS leak:
- In NordVPN: Go to Settings and make sure "Custom DNS" is turned off — NordVPN uses its own DNS by default.
- In ExpressVPN: DNS leak protection is automatic — try reconnecting or switching protocols.
- In Surfshark: Enable "Override GPS location" and ensure the kill switch is active.
- On any VPN: Go to your device's network settings and remove any manually configured DNS servers (like 8.8.8.8 or 1.1.1.1). These can bypass the VPN tunnel.
Step 4: Check for WebRTC Leaks
Still on ipleak.net, look for the WebRTC Detection section. WebRTC is a browser technology used for video calls and file sharing, but it can leak your real IP address even when connected to a VPN.
What passing looks like: The WebRTC section should either show your VPN's IP address or show no results at all.
What failing looks like: If your real local IP address (often starting with 192.168.x.x or 10.x.x.x) or your real public IP appears in the WebRTC section, you have a WebRTC leak.
How to fix a WebRTC leak:
- Firefox: Type about:config in the address bar, search for media.peerconnection.enabled, and set it to false.
- Chrome/Edge: Install the "WebRTC Leak Prevent" extension, or use your VPN's browser extension which typically blocks WebRTC automatically.
- Brave: Go to Settings > Privacy and security > WebRTC IP handling policy and select "Disable non-proxied UDP."
Step 5: Run an Extended DNS Leak Test
For a more thorough check, visit dnsleaktest.com and click the Extended Test button. This sends 36 DNS queries through different paths and reports every DNS server that responded.
What passing looks like: All results should point to servers operated by or associated with your VPN provider. You should see a consistent set of DNS servers, all in the same region as your VPN server.
What failing looks like: If any of the 36 results show your ISP's DNS servers mixed in with the VPN's servers, you have an intermittent DNS leak. This can happen when your operating system sends some DNS queries outside the VPN tunnel.
How to fix it: Enable the kill switch in your VPN app (this usually forces all traffic through the tunnel), and check that your VPN's DNS leak protection setting is enabled.
Step 6: Test the Kill Switch
The kill switch is your safety net — it cuts your internet connection if the VPN drops unexpectedly, preventing your real IP from being exposed. Many people never test this, but it is one of the most important features.
How to test it: 1. Connect to your VPN and open ipleak.net — confirm your VPN IP is showing. 2. Without closing the browser, force-close your VPN app (use Task Manager on Windows, or Force Quit on macOS — don't use the app's disconnect button). 3. Immediately refresh ipleak.net.
What passing looks like: The page should either fail to load entirely (the kill switch has blocked all internet access) or show an error. This means the kill switch is working correctly.
What failing looks like: If the page loads and shows your real IP address, the kill switch is not working. Your real IP was exposed the moment the VPN dropped.
How to fix it:
- Make sure the kill switch is actually enabled in your VPN settings — it is often disabled by default.
- NordVPN offers two kill switch modes: "App Kill Switch" (kills specific apps) and "Internet Kill Switch" (blocks all traffic). Use the Internet Kill Switch for full protection.
- On mobile, the kill switch may be labeled "Always-on VPN" in your device's system settings (Android) or handled automatically (iOS with IKEv2/WireGuard profiles).
Step 7: Verify on Mobile Devices
VPN leaks on desktop do not necessarily mean your phone is safe, and vice versa. Mobile devices have unique behaviors — they switch between Wi-Fi and cellular, and some apps bypass VPN tunnels entirely.
How to test on mobile: 1. Connect to your VPN on your phone. 2. Open Safari or Chrome and go to ipleak.net. 3. Check your IP, DNS, and WebRTC results exactly as you did on desktop. 4. Switch from Wi-Fi to cellular while the VPN is connected, wait five seconds, then refresh the page. Some VPNs drop the connection during network transitions.
What passing looks like: All results show VPN IP addresses across both Wi-Fi and cellular, with no DNS leaks.
What failing looks like: Your real IP or ISP DNS appears after switching networks. This means the VPN reconnects too slowly (or not at all) after a network change.
How to fix it: Enable auto-connect in your VPN app so it reconnects immediately after a network change. On Android, use the system-level "Always-on VPN" setting for extra reliability.
Summary Checklist
Run these tests periodically — especially after VPN app updates, OS updates, or router changes:
1. IP address matches VPN server location 2. DNS servers belong to VPN provider 3. No WebRTC leak detected 4. Extended DNS test shows clean results 5. Kill switch blocks internet when VPN drops 6. Mobile tests pass on both Wi-Fi and cellular
If all six pass, your VPN is working correctly. If any fail, address the specific issue before relying on the VPN for privacy.
Get NordVPN — Best Leak Protection → Try Surfshark — Built-in Leak Prevention →Reviewed by Thomas & Øyvind — NorwegianSpark. All tutorials are independently written and regularly updated. We test every step ourselves before publishing.