A VPN should route your internet traffic through an encrypted tunnel and make websites see the VPN server’s IP address instead of your normal ISP address. The simplest test is to check your IP before connecting, connect to the VPN, then check again.
Step 1: Check Your IP Before Connecting
Open an IP lookup tool while disconnected from the VPN. Note the public IP, approximate location, ISP, and whether you have IPv4, IPv6, or both. This gives you a baseline for comparison.
Step 2: Connect to the VPN
Choose a VPN location and wait until the app reports that the tunnel is connected. Reload the lookup page or open it in a new browser tab. The visible public IP should now belong to the VPN provider or the selected server location.
Step 3: Watch for DNS Leaks
A DNS leak happens when your domain lookups still go to your ISP or another resolver outside the VPN. This can reveal browsing metadata even when the page traffic uses the VPN tunnel. A trustworthy VPN should route DNS through its own resolver or a privacy-respecting resolver inside the tunnel.
Step 4: Check IPv6 and WebRTC
If your normal network has IPv6 and the VPN does not handle it, your IPv6 address may remain visible. Some browsers can also expose local or public network information through WebRTC features. If your VPN app offers leak protection, enable it and test again.
What a Good Result Looks Like
The public IP changes, the ISP changes to the VPN network or hosting provider, DNS requests do not go to your normal ISP, and no separate IPv6 address from your real connection appears. If any part fails, check the VPN settings, reconnect, update the app, or choose a provider with stronger leak protection.