How to test a VPN and make sure it is working properly
Over the years, a VPN has proven its worth as a way to encrypt people’s online data and secure their connection by giving them alternate IP addresses while browsing to keep their identities, browsing data, and activity logs hidden from their ISP, but nothing is absolutely perfect, like any other. Another thing is that some technical errors may occur, and the VPN fails to perform its work, and the cost incurred by the user in this case is exorbitant, which is the leakage of his data and the disclosure of his identity clearly to both the Internet service provider and other parties.
Unfortunately, it is difficult for the user to detect such errors as soon as they occur, as it is known that there is no immediate way to tell you that the VPN network that you are using has been down to disclose your IP address similar to that notification that tells you that the Internet connection has failed, for example, but there are tools that can Through it, we verify that the VPN network that you are using is performing its work well, and in the following lines we will discuss these tools with some clarification.
How do VPNs work?
The VPN, when turned on, acts as a proxy for the user when he or she connects to the Internet. VPN hides the identity of Internet users by encrypting the user’s Internet Protocol or IP address and redirecting it to a remote server located in another country that is run by the VPN host and is specially created to act as an intermediary between the user and the website that trying to reach him.
Accordingly, the VPN server becomes the source of the user’s data when browsing the Internet through the Virtual Private Network, which means that none of the Internet Service Providers (ISP) and other third parties will be able to access the addresses of the websites visited by the user, or searches, or Cookies, or data that it sends or receives via the Internet, and the website that the user wants to access will not be able to know the actual geographical location of this user, which helps users to overcome content restrictions and access sites that are prohibited in their countries.
Reasons why VPNs fail
There are three main types of failures that cause a VPN to fail in its primary function of encrypting a user’s IP address to hide their identity. These types are:
Internet Protocol (IP) address leak
When a device connects to the Internet, it is distinguished from other devices by giving it a special digital identifier known as an “Internet Protocol” (IP) address. This address acts as an intermediary between the user and the Internet. It is very similar to the phone numbers that telecom companies allocate to each phone line or SIM card, and the Internet Service Provider (ISP) provides more than one standard for assigning Internet Protocol addresses to devices, the first of which was the standard known as “IPv4”, which has been in use for years. long ago and consisted of a maximum of 32 bits which allowed up to 322 to be allocated.
With the increase in the number of devices connected to the Internet around the world, there is a need for a new standard that allows the allocation of a greater number of Internet Protocol addresses, so the “IPv6” standard appeared, which consists of a maximum of 128 bits and allows the allocation of up to 1282 Internet Protocol addresses. All major operating systems support the IPv6 standard on various types of devices, while most Internet service providers and websites still only support the IPv4 standard, and therefore some devices that connect to the Internet have a composite protocol address that corresponds to both standards together.
In its normal state, the VPN replaces the user’s IP address with another IP address of the VPN server through which the user connects to the Internet in order to hide the user’s actual identity from any third parties, and when the VPN fails to perform its function, the user’s actual IP address appears instead of Alternate Virtual IP Address This type of failure is called IP Leaks.
This issue occurs because most VPN applications are not compatible with IPv6 IP addresses. When a user connects to the Internet with a real IPv6 address, and wants to access a website that supports IPv6 addresses, the VPN redirects the user to a server. A remote user with only his IPv4 address encrypted, while the user’s IPv6 address remains unencrypted revealing his true identity.
Internet Protocol addresses are the main means by which devices connected to the Internet and websites are dealt with, but actually, we do not write the IP address of any website when we want to access this site we only need to write the URL of the requested website, because Our web browser uses what’s known as the Domain Name System (DNS) to translate a URL such as “xyz.com” into the IP address of the requested website.
The Internet Service Provider provides the domain name servers for the devices and thus has access to the Internet browsing history of those devices, but VPNs normally encrypt the actual DNS servers provided by the ISP to the user and replace them with other DNS servers of their own to act as an intermediary between the user and the websites you browse.
And when the VPN fails to encrypt the actual DNS servers, so the data passes through it directly to the desired websites without using the VPN servers as an intermediary, then the third parties that have access to the actual DNS records can see the full activity history of the user on the Internet, and this type is known as It malfunctions as DNS Leaks.
A DNS leak is the most common failure when VPNs fail, and there are many possible causes for this type of failure, such as the device’s operating system failing to transmit DNS requests to the VPN in use, or the VPN application being used to transmit data to servers its DNS because of poor design, misconfigured servers, etc.
All modern web browsers support WebRTC, a system from Google that allows users to make real-time audio and video communications through a browser or web application.
While the VPN is running, real-time data transmission using the WebRTC system may sometimes bypass the encryption process carried out by the virtual network, causing the user’s real IP address to be revealed to the website he is trying to access. This type of VPN is known as VPN. VPN malfunctions in this case are called WebRTC Leaks. In contrast to the leakage of the Internet Protocol, the leakage of instant communication networks may cause the user’s IPv4 or IPv6 address, or both, to be decrypted.
How to check VPN performance
The mechanisms through which it is possible to verify that the VPN used is performing its work well depends on discovering the three faults that we mentioned, which usually cause the failure of VPNs, so the process of verifying the performance of a VPN needs to perform three tests as follows:
First: the IP address leak test
There are many reliable sites through which the user can know his IP address, such as ipleak.net and browserleaks.com. In order to make sure that the VPN that we use still hides the real IP address while browsing the Internet and does not suffer from the problem of IP address leakage, all we have to do is simply connect to the VPN and then go to one of these sites, let it be ipleak.net, which will show us The alternative IP address that appears while we are using the VPN, so we write down the IP address, then we exit the site and then we turn off the VPN and reconnect to the Internet again, but using the real IP address and go again to the site and note the real IP address that it displays site now. When comparing the IP address displayed by ipleak.net in the two cases, there are two possibilities:
- That the virtual IP address that the site displays while the VPN is on is different from the real IP address that appears when the VPN is turned off, and this means that the VPN does not leak the real IP address of the user.
- That the virtual IP address that the site displays while the VPN is running is identical to the real IP address that appears when the VPN is turned off, and this indicates the possibility of a leak of the Internet Protocol address, which means that the VPN has failed to perform its work.
Second: DNS leak test
Many free websites such as whoer.net, dnsleak.com, and dnsleaktest.com provide tools that allow access to information such as the name of the Internet Service Provider (ISP), the IP address used, as well as displaying all of the user’s DNS servers.
DNS leaks can be verified while using VPNs by entering one of these sites such as dnsleaktest.com and pressing the Extended Test button to display all DNS servers, and comparing the DNS servers that appear when using a VPN with the DNS servers that appear when the connection to a network is disabled VPN. When the results are similar, that is, the DNS servers that appear when using a VPN are similar to the DNS servers that appear when the connection to the VPN is disabled, this indicates the possibility of a DNS leak, but when the results differ in both cases, this may indicate that the VPN is still working well.
Third: Testing the leakage of instant communications
A WebRTC leak can be detected in the same way as the aforementioned Internet Protocol leak, that is, by going to a site that provides a service to display user Internet connection information such as ipleak.org, and searching for both the IPv4 address and the IPv6 address that appear while the VPN is on, then turn it off. VPN and repeat the same steps again.
If the IPv4 and IPv6 addresses displayed by the site if the VPN is running are identical to the IPv4 and IPv6 addresses shown after disabling the VPN, this means that a WebRTC leak is likely, which indicates that the VPN used is no longer performing its work well, but if the results are the same in both cases, this means No WebRTC leak has occurred and the VPN used can still protect the user’s IPv4 and IPv6 addresses from being masked.
There are many other sites that provide similar tools that allow WebRTC leak detection, such as Perfect Privacy WebRTC, which provides a specialized tool for testing WebRTC leaks, and some VPN applications such as ExpressVPN provide a free tool that enables the user to test VPN network performance and detect if WebRTC leaks may or may not have happened.
How to avoid VPN failures
The possibility of a VPN failing to perform its function can be reduced by avoiding the causes that lead to it. To reduce the occurrence of IP address leaks, try using an IPv6-compliant VPN application or manually disable your device’s IPv6 address.
To reduce the possibility of DNS server leaks, you should use a reliable VPN application that is compatible with IPv6 addresses and provides good protection against DNS leaks such as ExpressVPN, with IPv6 leak protection enabled in the VPN application settings if it provides such a feature. Using VPN servers located in another country also helps reduce the possibility of DNS leaks. As for the WebRTC leak, it can be avoided by disabling the WebRTC instant communication service in the settings of your browser or web application that you are using.
The goal of using a VPN is to encrypt the user’s IP address and DNS server and redirect it to a remote server that acts as an intermediary between him and the site he wants to access, but in some cases the VPN fails to perform its work as required, revealing the user’s data and allowing the Internet provider the possibility Access to the IP address, DNS servers, physical location, and Internet browsing history of the user. There are three main malfunctions that can occur when a VPN fails to perform its function, and these three are called IP address leak, DNS server leak, and IM network leak.
Many trusted sites offer tools that allow you to test VPN performance for each of the three failures. for example; You can check whether a VPN is working properly or not by using ipleak.net to view the IPv4 address, IPv6 address, and DNS servers that are shown to your ISP and third parties. This data should be different when the VPN is on than when the VPN is down, and if the results displayed are the same in both cases, then the VPN is not performing well and is not securing the user’s Internet connection.
There are a set of measures that may contribute to reducing the possibility of VPN failure and the occurrence of the three malfunctions, and the most important of these measures is to use a reliable VPN application that is compatible with IPv6 addresses and provides good protection against DNS leaks such as the ExpressVPN application, with the activation of the IPv6 leak protection feature in the application settings The VPN used, if it allows this feature, and disable the WebRTC service in the settings of the browser or web application used.