VPN vulnerabilities and how to check and prevent them

Most users use virtual private networks (VPNs) to encrypt data. But did you know that there are some VPN services that leak sensitive information of users? So what can you do to block VPN leakage? The article will give you some information, how to check and prevent VPN leakage.

What information does VPN leak?

As mentioned, most VPNs will encrypt the data you send through their connection. So information such as credit card numbers and passwords are safe (of course there are exceptions). However, if you also send other information via this connection may not be encrypted. The two biggest information is the IP address and DNS request.

IP address leak

An IP address is a unique identifier for other computers on the Internet to identify who you are. In many cases, it's not a big security risk, someone with your IP address doesn't mean they can hack you.

However, it can be a privacy risk. Your IP address gives other computers lots of information about you. Below is the result of an IP address test when not connected to VPN:

If someone receives an IP address, they can find your network service provider and location. And this is not a big deal, but this information can be used to steal your identity. IP address protection to ensure other computers do not know where you live and that is definitely a benefit of protecting your privacy.

1. How to check geographical location via IP

Websites can also use IP addresses to prevent users from accessing content like on a live streaming site.

DNS leak

Why do you use VPN? One reason is that users do not want to let the service provider (or someone else) know the site is going to be accessed. You are afraid of censorship, checking from service providers or even government oversight.

Users will think that no one can see the website they visit if the data is sent via VPN encrypted. Although this is true, there is a possible exception.

When accessing a website, you will first send a request to the DNS server. This request simply states that you want to access the quantrimang.com website, so what is the IP address (although DNS can do more than that). The DNS server will respond with an IP address and create a connection.

1. Network basics: Part 3 - DNS Server

Some VPN services send these DNS requests over unencrypted channels. This means that everything you do on the site is encrypted, but if someone does a strong enough search, they may know that you are requesting the TipsMake.com IP address.

How to check for IP address leaked VPN

To find out if VPN has leaked your IP address, you need to perform a VPN leak check. First, record your IP address (if you don't know, you can search your IP address on Google).

1. Instructions on how to determine the IP address on the computer

Next, connect to the VPN and make sure to connect to the server in another city or country. Then run the VPN leak test. There are many websites that offer this test, but astrill.com/vpn-leak-test is the best site. Go to the page and select Run full test :

This test will take a few minutes, after which you will see results. If the IP address listed in the result is the same as the one you received before the VPN connection, it means that your service has leaked the IP address.

You will notice that many VPN leak tests, including the one provided by Astrill, will display your IPv4 and IPv6 addresses. One thing to note is that some VPNs do not protect traffic from IPv6 addresses, so be sure to take steps to hide both addresses. Refer to the article How to hide IP address for how to do it.

If the Astrill check is green and it does not display your real IP address, your VPN is safe.

How to prevent VPN from leaking IP addresses

The best way you should use a reputable VPN service to prevent IP address leakage. However, protecting IPv6 addresses is another problem. Very few VPN services can actually route IPv6 traffic through an encrypted tunnel, it only provides 'IPv6 leak protection' by turning off IPv6.

However, if you are using IPv6, make sure that the VPN actually encrypts the traffic, not just disabling it.

How to check for DNS request leaks

To find out if VPN has DNS request leaks, you can use the same method as above. Astrill will check your connection to see if there is a leak. You can get more detailed information from dnsleaktest.com website if you want to find out who can access your DNS requests.

Below is the result of running an unprotected DNS test on Astrill:

And after connecting to VPN:

If after running a DNS check and seeing servers from Google, your service provider or anyone who is not a secure VPN or DNS provider, you know that DNS information has been leaked.

How to prevent DNS request leaks

As above, you should use a reputable VPN service. Top VPNs will have built-in DNS leak protection. However, you should check if your VPN application has DNS leaks protection option and if so, make sure this option is enabled. In addition, using a secure DNS server or a server provided by a VPN will enhance security.

Whatever the VPN provider has confirmed the security level of their VPN service, you should also run the tests above. Checking IP address leaks and DNS will help you find vulnerabilities in the VPN and if you find a problem, stop it.

With all VPN-related issues, the best solution is to use high-end services from reputable providers. Check out article 11 best VPN software to see which services are the fastest and most reliable.

See more:

1. How to secure your VPN more secure?
2. VPN and SSH: Which method is more secure?
3. What is the difference between Proxy and VPN?