VPN Leaks: Knowing, Understanding and Preventing

VPNs have become much more popular as a way for people to keep their data private in an increasingly insecure world. As the technology has grown in prevalence, many different VPN products have come to market, and not all of them protect traffic equally, so the chance that a VPN quietly leaks something has grown with it.

If you are using a VPN, it is important to verify regularly that it is actually hiding your traffic by running VPN leak tests.

Types of VPN Leaks

DNS leak

A DNS leak is the most common VPN leak. It exposes which domain names you look up, which is enough to reconstruct your browsing activity even though the tunnel itself is encrypted. DNS resolution is a multi-step process, and a VPN that does not capture every step can let queries escape.

DNS acts as the connector between a user and the internet. When a user enters a URL into the browser, the browser asks the operating system's resolver for the IP address of that site, and the resolver forwards the query to the DNS server configured on the device. Without an answer from a DNS server, the requested page cannot be loaded.

The DNS server maps the host name to an IP address and returns it to the browser; packets on the internet are routed by IP address, not by the human-readable name.

Most devices use the ISP's DNS servers by default, so the ISP sees every name the device looks up. When a VPN connects, it is supposed to replace the ISP's resolvers with the VPN provider's own and carry the queries through the tunnel. In a DNS leak the queries bypass the tunnel and still go to the ISP's DNS, so the ISP (and anyone watching that link) learns the browsing history even though the rest of the traffic is encrypted.

IP Leak

An IP leak occurs when a user's real IP address is exposed even though a VPN is connected to hide it. Causes include bugs in operating systems, browser plugins or the browser itself, and traffic the VPN does not cover at all: a common case is a VPN that tunnels only IPv4 while the device also has IPv6 connectivity, so IPv6 traffic goes straight out through the ISP.

Torrent IP leak

As the name implies, this leak occurs while torrenting. When a user is connected to a VPN, torrent traffic should be anonymized and encrypted along with everything else, but sometimes the torrent client reveals the user's real IP address to peers and trackers anyway. A torrent IP leak only happens while torrenting and is usually a configuration issue: the client reaches peers through DHT and PEX over an interface other than the VPN, or the VPN's split tunneling feature routes the torrent traffic outside the tunnel.

When split tunneling is enabled, some of the internet traffic, including the torrent traffic, leaves the device unencrypted and outside the tunnel, exposing the real IP address.

WebRTC Leak

WebRTC, or web real-time communication, is a feature in many browsers that provides browser-to-browser real-time communication, video and voice calling, P2P file sharing and other tasks without the need of any third-party software.

With a little effort, WebRTC can be used to reveal the user's real IP while the VPN is connected. To set up a peer-to-peer connection, WebRTC first has to discover the addresses at which the browser can be reached, and it does this with STUN (Session Traversal Utilities for NAT). The browser sends a request to a public STUN server, and the server replies with the source address it saw the request come from, which is the public IP address after NAT. The STUN server translates nothing and keeps no database of addresses; it simply reflects the public address back. Alongside that public address, the browser also collects the private addresses of its own network interfaces (the LAN address and, when connected, the VPN tunnel interface).

A WebRTC leak is therefore not a fault in the VPN itself but a consequence of browser behavior. The browser hands every address it collected, public and private, to the web page in the form of ICE candidates. If the STUN request left the machine outside the tunnel, the public address in the reply is the real one rather than the VPN's.

The web page reads those candidates with ordinary JavaScript, so no plugin or exploit is needed. A browser with WebRTC and JavaScript enabled is exposed unless the VPN forces the STUN traffic through the tunnel.

How to Avoid VPN Data Leaks

You can close these privacy holes with a few simple measures, but first you need to determine whether your VPN is actually working. The tests below let you spot a leak or a weakness in your VPN setup.

Detecting VPN Leaks

First, disconnect your VPN, go to Google and search for "What is my IP." The result shows your real IP address; note it down so you can compare it with what the VPN presents later. Then check each kind of leak individually.

DNS Leak Test

To perform a DNS leak test, use a test tool that is not affiliated with a VPN provider and does not sell its own VPN service; such tools have an incentive to show confusing or misleading results.

  • Connect your VPN and go to the DNS test tool.
  • Run the test and wait for the results.
  • Now, analyze the results. If the resolver addresses shown belong to your ISP, or sit in the same network and location as the real IP you noted earlier, your VPN is probably leaking DNS. With the VPN working, you should see only the VPN provider's resolvers.

If you find the DNS leak, there are two ways to fix it.

  • You can manually change your DNS settings from the ISP's DNS to a third-party DNS server; Google DNS and OpenDNS are two popular ones. Note that this only stops the ISP's resolver from answering: unless the VPN routes the queries through the tunnel, they still leave the device in plaintext where the ISP can observe them, so prefer the resolvers your VPN provider pushes.
  • Use a VPN with a DNS leak prevention feature. This feature continuously monitors DNS requests and blocks any that would leave the tunnel.

Torrent IP Test

  • Connect your VPN and open a torrent IP test tool.
  • Click "Load Torrent File" (or use the "Magnet Link" the tool offers) and open the tool's tracking torrent in your torrent client. You do not need a torrent of your own; the test tool supplies one whose tracker records the IP address your client connects from.
  • When the download starts, check the test page to see which IP address is displayed for your client.
  • Analyze the results. If that address matches the VPN's IP, your torrent client is not revealing your real IP. If it matches the real IP you noted earlier, your torrent traffic is leaking.

There are three ways to prevent torrent IP leak:

  • Use a VPN with a kill switch. A kill switch blocks all internet traffic whenever the VPN connection drops, so the torrent client cannot fall back to the ISP connection; this matters most for torrenters, whose clients keep exchanging traffic with peers unattended.
  • Bind your torrent client to the VPN interface so it cannot send traffic over any other interface. Search for the name of your torrent client together with "IP binding" to find the instructions for it.
  • Some third-party software such as VPNWatcher, VPNCheck or VPNNetMon can act as a kill switch by automatically cutting the internet connection when the VPN disconnects.

WebRTC Test

  • Open any WebRTC test tool.
  • Click “Execute Test” and wait for the results.
  • If any displayed public IP matches the real IP you noted earlier rather than the VPN's IP, your identity is being exposed through a WebRTC leak.

You can prevent WebRTC leaks by disabling WebRTC manually or by installing an extension for WebRTC leak prevention. A built-in setting is only available in Mozilla Firefox (the media.peerconnection.enabled preference in about:config). For other browsers, including Chrome, Opera and Yandex, a browser add-on is the available option. Disabling WebRTC also breaks sites that rely on it, so the more durable fix is a VPN that routes all traffic, including UDP to STUN servers, through the tunnel.
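Added here as an example, not code from the original article or any VPN vendor: this is how a web page sees the addresses WebRTC gathers, which is both the mechanism behind the WebRTC leak described above and the logic a WebRTC test tool applies. The sample candidate lines are constructed, the VPN public address 198.51.100.40 and the ISP address 203.0.113.7 are documentation-range placeholders chosen here, and the Google STUN server is used in the browser part only because it is public.

```javascript
// Added example (not from the original article): parse the ICE candidates a
// page receives from RTCPeerConnection and decide whether they reveal an
// address other than the VPN's. Sample data below is constructed.

// One ICE candidate as the page receives it, e.g.:
//   candidate:3 1 udp 1685987071 203.0.113.7 51000 typ srflx raddr 192.168.1.20 rport 51000
// "host" candidates carry the address of a local interface (LAN, or the VPN's
// tunnel interface); "srflx" (server-reflexive) candidates carry the public
// address a STUN server saw the request come from.
function parseCandidate(line) {
  const m = line.match(/^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/);
  if (!m) return null;
  return {
    foundation: m[1], component: Number(m[2]), protocol: m[3].toLowerCase(),
    priority: Number(m[4]), address: m[5], port: Number(m[6]), type: m[7],
  };
}

// Compare gathered candidates with the public IP the VPN should present.
// An srflx candidate carrying any other public address means the STUN request
// left the machine outside the tunnel: that is the WebRTC leak. Host candidates
// are collected too, because the LAN address is also handed to the page.
function checkCandidates(lines, vpnPublicIp) {
  const leakedPublicIps = [];
  const hostAddrs = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue;
    if (c.address.endsWith(".local")) continue; // mDNS-obfuscated host candidate: no IP revealed
    if (c.type === "host") hostAddrs.push(c.address);
    else if (c.type === "srflx" && c.address !== vpnPublicIp) leakedPublicIps.push(c.address);
  }
  return { leaked: leakedPublicIps.length > 0, leakedPublicIps, hostAddrs };
}

// Browser-side gathering, done the way a leak-test page does it. Needs a real
// browser (RTCPeerConnection) and a reachable STUN server.
async function gatherCandidates(stunUrl = "stun:stun.l.google.com:19302", timeoutMs = 3000) {
  const pc = new RTCPeerConnection({ iceServers: [{ urls: stunUrl }] });
  const lines = [];
  pc.createDataChannel("probe"); // gathering only starts once there is something to negotiate
  const finished = new Promise((resolve) => {
    pc.onicecandidate = (ev) => { if (ev.candidate) lines.push(ev.candidate.candidate); else resolve(); };
    setTimeout(resolve, timeoutMs); // do not hang if the STUN server never answers
  });
  await pc.setLocalDescription(await pc.createOffer());
  await finished;
  pc.close();
  return lines;
}

// Constructed sample: host candidates for the LAN and tunnel interfaces, plus
// one srflx candidate per interface. 203.0.113.7 stands in for the real ISP
// address and 198.51.100.40 for the VPN exit address (RFC 5737 documentation ranges).
const SAMPLE_LINES = [
  "candidate:1 1 udp 2122260223 192.168.1.20 51000 typ host generation 0",
  "candidate:2 1 udp 2122194687 10.8.0.6 51001 typ host generation 0",
  "candidate:3 1 udp 1685987071 203.0.113.7 51000 typ srflx raddr 192.168.1.20 rport 51000 generation 0",
  "candidate:4 1 udp 1685921535 198.51.100.40 51001 typ srflx raddr 10.8.0.6 rport 51001 generation 0",
];
const VPN_PUBLIC_IP = "198.51.100.40"; // assumption: the address your VPN presents

// In a browser, run the live check; elsewhere (Node), exercise the logic on the sample.
if (typeof RTCPeerConnection !== "undefined") {
  gatherCandidates().then((lines) => console.log(checkCandidates(lines, VPN_PUBLIC_IP)));
} else {
  console.log(checkCandidates(SAMPLE_LINES, VPN_PUBLIC_IP));
}
```

In the sample, the srflx candidate for the LAN interface carries 203.0.113.7, the address the STUN server saw because that request went out through the ISP rather than the tunnel, so it is reported as a leak; the one for the tunnel interface carries the VPN's address and is fine. A VPN that forces all traffic through the tunnel never produces the first kind of candidate, which is why the kill-switch and full-tunnel advice above addresses this leak at the root rather than in the browser.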
