VPN Leak
What is VPN Leak?
VPN Leak: A failure of a VPN tunnel that lets identifying traffic — IP, DNS, IPv6, or WebRTC — escape outside the encrypted channel.
A VPN leak is any condition where traffic that is supposed to be carried by the VPN escapes to the open internet, revealing the user's real IP, DNS queries, or both. Common categories are IP leaks during tunnel reconnect or kill-switch failure, DNS leaks when the system resolver is queried directly, IPv6 leaks when the VPN only routes IPv4, and WebRTC leaks via STUN-discovered candidates. Each type defeats the privacy goal of the VPN. Defences include a reliable kill switch that blocks all traffic when the tunnel drops, forcing DNS through the tunnel, disabling or routing IPv6, using mDNS-anonymized WebRTC candidates, and regular leak testing against services like ipleak.net.
● Examples
- 01: Real IP exposed for a few seconds when the VPN reconnects without a kill switch enabled.
- 02: IPv6 traffic going directly while IPv4 stays in the tunnel because the client did not block IPv6.
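The four leak categories from the definition can be checked locally by looking at which interface each outbound flow leaves on. The following is an added example, not part of the original glossary entry: it classifies flow records (for instance, summarized from a packet capture taken while the VPN is connected or reconnecting). The interface names, the VPN endpoint, the record format and the sample records are all assumptions constructed for illustration.

```python
import ipaddress

# Assumptions for this sketch: tunnel interface names, the VPN server
# address/port (documentation range), and the record format are made up.
TUNNEL_IFACES = {"tun0", "wg0"}
VPN_ENDPOINT = ("203.0.113.10", 51820)
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed flow records: interface,destination,protocol,destination port
SAMPLE = """\
tun0,198.51.100.7,tcp,443
eth0,203.0.113.10,udp,51820
eth0,192.168.1.1,udp,53
eth0,2001:db8::25,tcp,443
eth0,198.51.100.9,udp,3478
eth0,198.51.100.7,tcp,443
eth0,224.0.0.251,udp,5353
"""

def is_local(addr):
    """LAN, loopback, link-local and multicast are not internet-bound traffic."""
    return (addr.is_loopback or addr.is_link_local or addr.is_multicast
            or any(addr.version == n.version and addr in n for n in LOCAL_NETS))

def classify(iface, dst, proto, dport):
    """Return the leak category for one flow, or None if it is expected."""
    if iface in TUNNEL_IFACES or (dst, dport) == VPN_ENDPOINT:
        return None              # inside the tunnel, or the tunnel transport itself
    if dport == 53:
        return "dns"             # system resolver queried directly (LAN router included)
    addr = ipaddress.ip_address(dst)
    if is_local(addr):
        return None
    if proto == "udp" and dport == 3478:
        return "webrtc-stun"     # default STUN port; a heuristic, not proof of WebRTC
    return "ipv6" if addr.version == 6 else "ip"

def audit(records):
    """Return (category, interface, destination, port) for every leaking flow."""
    findings = []
    for line in records.strip().splitlines():
        iface, dst, proto, dport = (f.strip() for f in line.split(","))
        kind = classify(iface, dst, proto, int(dport))
        if kind:
            findings.append((kind, iface, dst, int(dport)))
    return findings
```

With a working kill switch and DNS forced through the tunnel, `audit` returns an empty list for a capture taken across a tunnel drop; any entry shows which category escaped and on which interface.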
● Frequently asked questions
What is VPN Leak?
A failure of a VPN tunnel that lets identifying traffic — IP, DNS, IPv6, or WebRTC — escape outside the encrypted channel. It belongs to the Privacy & Data Protection category of cybersecurity.
How do you defend against VPN Leak?
Defences for VPN Leak typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for VPN Leak?
Common alternative names include: VPN tunnel leak, Tunnel bypass.
● Related terms
- DNS Leak (privacy, № 339): A privacy failure in which DNS queries bypass a VPN or Tor tunnel and are sent to the user's ISP or default resolver in cleartext.
- WebRTC IP Leak (privacy, № 1231): A browser-side leak in which WebRTC's STUN/ICE machinery exposes a user's real local and public IP addresses, even when a VPN or proxy is active.
- VPN (Virtual Private Network) (network-security, № 1212): A technology that creates an encrypted, authenticated tunnel over a public network so that traffic appears to travel through a private network.