How To Check If Your VPN Is Working (And Really Protecting You)

Using a VPN is one thing. Knowing whether it’s actually doing its job is another. If you’ve ever wondered “Is my VPN really on?” or “Is my real location still visible?”, there are a few simple checks you can do in a couple of minutes.

This guide walks through how to verify that your VPN is working properly, what can still leak, and why the answer can vary depending on your device, apps, and settings.

What “Working” Means For a VPN

Before testing, it helps to know what a VPN is supposed to do.

In basic terms, a VPN (Virtual Private Network) should:

Hide your real IP address and replace it with the VPN server’s IP
Encrypt your internet traffic so it can’t be easily read on the way
Tunnel your traffic through a different location, often another country
Optionally prevent leaks (DNS, IPv6, WebRTC) that could expose your real details

When people say “Is my VPN working?”, they usually mean one or more of:

Is my IP address hidden?
Is my location changed to the VPN’s location?
Are there no obvious leaks of my identity or browsing?
Does the connection stay on if the VPN drops (kill switch)?

You can test all of these from a browser in a few minutes.

Step 1: Check Your IP Address Before and After Connecting

This is the simplest and most important check.

Turn your VPN off.
Visit an “What is my IP” type site in your browser.
Note:
- The IP address shown
- The city/country it detects
Turn your VPN on and connect to a server (for example, a different country).
Refresh the same site.

If the VPN is working correctly:

The IP address should change
The location should match (or roughly match) the VPN server’s location

If your IP does not change, something’s wrong:
you might be disconnected from the VPN, using split tunneling, or your device might not be routing all traffic through the VPN.

Step 2: Test For DNS Leaks

Even if your IP looks different, your DNS requests might still be going through your internet provider instead of the VPN.

DNS (Domain Name System) is like the address book of the internet: when you type example.com, DNS finds the matching IP. If DNS requests go through your ISP, they may still see which sites you look up.

To check:

Make sure VPN is ON.
Visit a “DNS leak test” site.
Run the extended or standard test.
Look at the DNS servers the site reports.

What you want to see:

The DNS servers should belong to the VPN provider or at least not clearly to your ISP.
The country for the DNS servers should match the VPN server or a related region, not your actual home country (unless you picked a server in your own country).

If the DNS servers clearly belong to your ISP or show your real country when you chose a foreign server, you likely have a DNS leak.

Step 3: Check For WebRTC Leaks (Especially in Browsers)

If you’re on a browser that supports WebRTC (most modern desktop browsers do), your real IP can sometimes be revealed even with a VPN.

WebRTC is a technology used for things like voice and video in the browser. It can try to discover your “real” network addresses to optimize connections.

To test for WebRTC leaks:

With the VPN connected, search for a WebRTC leak test page.
Run the test.
Look for any local or public IPs shown.

Key points:

A local IP (like 192.168.x.x or 10.x.x.x) is just your internal home network IP. That’s normal and not dangerous by itself.
What you don’t want to see is your real public IP address (the one you had before turning on the VPN) appearing alongside the VPN IP.

If the test shows only the VPN IP as public, your VPN is handling WebRTC well.
If it shows your real public IP, websites using WebRTC could still identify you.

Step 4: Confirm Location-Based Content Changes

Another quick test is to see if websites treat you as if you’re in the VPN’s country.

With your VPN on:

Try visiting a search engine and look at the language or region suggestions.
Try video streaming or news sites that show customized content based on region.
Look at currency, language, or local recommendations.

Signs your VPN location override is working:

The site content or region matches your VPN country, not your real one.
Local services that were only available in your home country might now appear different or restricted (or vice versa).

This sort of test isn’t perfect—many big services use more than just IP to guess your region—but it’s another signal that your traffic is coming from somewhere else.

Step 5: Check If the Kill Switch Works (Safely)

A kill switch is a VPN feature that blocks internet access if the VPN disconnects unexpectedly. It’s there to prevent your real IP from leaking during drops.

How you test this depends on how comfortable you are and what you’re doing. A cautious approach:

Make sure you’re not doing anything critical (no banking or sensitive logins).
With the VPN connected, start a non-critical activity (such as streaming a video or downloading a file).
Then:
- Turn the VPN off from its app, or
- Force a quick disconnect (e.g., switch your Wi‑Fi off then on while the VPN is on).
Watch what happens:
- If your internet access stops until the VPN reconnects, the kill switch is likely working.
- If everything continues normally and your IP instantly reverts to your real one, your kill switch may be off or unsupported.

On some systems, the kill switch is not enabled by default, or it may only protect certain types of traffic.

Step 6: Look At Device-Level vs App-Level Protection

Even if your VPN appears to work in your browser, not all apps may be using it. That depends on how your VPN is set up:

System-level VPNs (common on Windows, macOS, Android, iOS) usually route all traffic through the VPN.
Browser-only VPNs or extensions protect only that browser, not the rest of the system.
Split tunneling allows some apps to bypass the VPN.

To check:

Run an IP-lookup test from different apps:
- Browser
- Another browser
- A networked app that can show your IP (like some torrent clients or diagnostics tools)
See if all of them show the VPN’s IP while it’s connected.

If only one browser shows the VPN IP, you might have:

A browser-only VPN extension
Split tunneling configured
A misconfigured VPN on the system

This matters if you want everything (not just your browser) to use the VPN.

Variables That Change How You Test a VPN

The basic checks are the same, but your device, OS, and setup change how reliable these tests are and what problems you might run into.

Device Type

Device type	Common VPN behavior	Typical issues to watch for
Windows / macOS PC	Full-system VPNs common; rich settings available	DNS leaks, WebRTC leaks, kill switch settings
Android phone/tablet	System-wide VPN or per-app VPN	Battery optimizations killing background VPN
iPhone / iPad	System-level VPN, but app-level rules can vary	VPN drops when idle, reconnect timing
Browser-only (extensions)	Protects only that browser’s traffic	Other apps using real IP, WebRTC in other apps
Routers	VPN at network level for all devices	Harder to test per device; mixed local/remote

Different devices also have different network stacks and permissions, which affects things like DNS handling and kill-switch features.

Operating System and Version

Older OS versions may:

Handle DNS differently, causing random leaks
Have fewer VPN protocols available
Interact oddly with firewalls or antivirus

Newer versions may have:

Built-in “always-on” VPN features
Better IPv6 support (which you also need to test for leaks)

Network Type

Where you’re connecting from can change things:

Home Wi‑Fi: Usually the most stable and predictable
Public Wi‑Fi (cafes, airports): Some networks block VPN ports or protocols
Mobile data (4G/5G): Carriers may handle NAT and DNS differently
Work/school networks: Extra firewalls, deep packet inspection, or VPN blocking

A VPN that looks perfect at home might struggle on a heavily filtered corporate or campus network.

VPN Protocol and Settings

Different VPN protocols (like OpenVPN, WireGuard, IKEv2) can:

Behave differently with firewalls
Have different reconnection behaviors
Vary in how they handle IPv6 and DNS

Features like:

Split tunneling
Custom DNS servers
Obfuscation/stealth modes

…all affect what you see in leak tests and IP checks.

Different User Profiles, Different “Working” Thresholds

What counts as “working well” isn’t the same for everyone. Some examples:

Casual Browsing and Streaming

Mainly wants: IP change, basic location masking
Might not care about: rare DNS quirks, minor WebRTC cases
Tests mostly: IP change, streaming region behavior

Privacy-Focused Users

Wants: No leaks at all, strong encryption, reliable kill switch
Cares about:
- DNS leaks
- WebRTC leaks
- IPv6 leaks
- Guaranteed kill switch behavior
Tests with: multiple tools, different browsers, and sometimes advanced network checks

Remote Workers and Business Use

Wants: Stable connection, access to work resources, minimal drops
Cares more about:
- Reliability over long sessions
- Compatibility with corporate apps
Tests: IP consistency, ability to reach internal tools, reconnect behavior

Torrenting / P2P Users

Wants: IP masking in specific apps, strong kill switch
Cares about:
- Torrent client showing VPN IP
- No leaks if connection drops
Tests: IP from inside the P2P app, kill switch under load

Each of these profiles would use the same core checks, but they interpret results differently and care more about some tests than others.

Where Your Own Situation Becomes the Missing Piece

You now have the main tools to check if a VPN is really working for you:

IP change tests
DNS leak tests
WebRTC leak checks
Location-aware site behavior
Kill switch verification
App-by-app IP checks

Whether your VPN is “working well enough” depends on:

Which devices you use (laptop, phone, router, or a mix)
Your operating systems and how up-to-date they are
The networks you connect from (home, work, public Wi‑Fi, mobile)
The protocols and features you enable (split tunneling, kill switch, custom DNS)
How sensitive your activities are and how much risk you’re willing to accept

Those details shape how strict your testing needs to be and what “good enough” looks like in practice.