IPv6 Leak Test
Your VPN might be leaking IPv6 traffic right now—exposing your real IP address even when connected. Unlike IPv4, IPv6 often bypasses VPN tunnels entirely, leaving you visible to websites, trackers, and surveillance. This test detects leaks through both standard HTTP requests and WebRTC ICE candidates, the same methods used by Mullvad, NordVPN, and ExpressVPN in their own security audits. No setup needed. Results in seconds.
Takes about 5-10 seconds
How This Test Works
- We query our IPv4-only endpoint (v4.zend2.com) to get your IPv4 address and network info
- We query our IPv6-only endpoint (v6.zend2.com) to check if you have IPv6 connectivity
- We use WebRTC ICE candidate gathering to detect any IPv6 addresses your browser might expose
- We compare the ASN (network owner) of your IPv4 and IPv6 addresses
- If IPv6 comes from a different network (your ISP) while IPv4 is from your VPN, that's a leak
Privacy note: This test does not log any IP addresses or personal data.
What Is an IPv6 Leak?
An IPv6 leak occurs when IPv6 traffic bypasses your VPN tunnel and routes directly through your Internet Service Provider. This exposure happens even when NordVPN, ExpressVPN, or Mullvad indicate an active connection and properly route IPv4 traffic. WebRTC connections commonly trigger these leaks during ICE candidate discovery, which exposes your real IPv6 address to websites and circumvents zend2.com proxy protection along with any VPN encryption layer. Your ASN becomes visible, revealing your true network identity and location despite active VPN protection. System-level configurations in sysctl.conf may prevent IPv6 leaks on Linux systems, though most users lack this technical setup.
When you connect to a VPN, you expect all your internet traffic to be encrypted and routed through the VPN server. However, many VPNs were designed primarily for IPv4 and don't properly handle IPv6 traffic. This creates a "split tunnel" situation where IPv6 packets bypass the encrypted tunnel entirely, WebRTC ICE candidates expose your real IP address to websites, and your ASN remains visible to any service that checks.
- IPv4 traffic goes through your VPN (protected)
- IPv6 traffic goes directly to your ISP (exposed)
Why IPv6 Leaks Matter
Identity Exposure
Your real IPv6 address can be linked to your ISP account and physical location.
Silent Failure
IPv6 leaks happen silently while your VPN shows "connected".
Growing IPv6 Adoption
More websites support IPv6, making leaks more likely to expose you.
Unique Identifier
IPv6 addresses are often static and unique, making them excellent tracking identifiers.
How to Fix IPv6 Leaks
1. Use a VPN with full IPv6 support: Mullvad, NordVPN, and ExpressVPN route IPv6 traffic through their networks rather than blocking it, preventing leaks at the source. This approach maintains connectivity without exposing your real IPv6 address to sites or ICE candidates gathered via WebRTC.
2. Enable IPv6 Leak Protection: Many VPNs offer an "IPv6 leak protection" setting that blocks all IPv6 traffic while connected.
3. Disable IPv6 on Your Device:
- Windows: Network adapter settings → IPv6 → Uncheck
- macOS: System Preferences → Network → Advanced → TCP/IP → Configure IPv6: Off
- Linux: Add
net.ipv6.conf.all.disable_ipv6 = 1to sysctl.conf
4. Disable IPv6 on Your Router: For network-wide protection, disable IPv6 in your router settings.
Frequently Asked Questions
You can fix IPv6 leaks by:
- Using a VPN that fully supports IPv6 tunneling
- Enabling IPv6 leak protection in your VPN settings
- Disabling IPv6 on your device or router
- Using a VPN that blocks IPv6 traffic entirely