IPv6 Leak Test
Most VPNs only tunnel IPv4 traffic. If your internet connection also has an IPv6 address and your VPN does not handle it, that IPv6 address travels outside the VPN tunnel and can identify you. This free test checks whether that is happening right now.
Reading your results
- No IPv6 found: Your connection is IPv4-only, or IPv6 is disabled. No IPv6 leak is possible from this device.
- Link-local only: You have a private link-local address (fe80::). These are not routable on the internet and cannot identify you. Safe.
- Public IPv6 found: You have a real, routable IPv6 address. If your VPN does not tunnel IPv6, websites can see this and use it to identify your ISP and location.
IPv4 versus IPv6: what you need to know
The internet runs on addresses. Every device that connects to the internet needs a unique address so other devices know where to send data. IPv4 (Internet Protocol version 4) has been the standard since the early internet. It uses 32-bit addresses written as four numbers, like 203.0.113.45. The total number of IPv4 addresses is about 4.3 billion.
As the internet grew, those 4.3 billion addresses started running out. IPv6 was created to solve this. It uses 128-bit addresses, which allows for an almost unlimited number of unique addresses. IPv6 addresses look different: longer strings of hexadecimal characters separated by colons, like 2001:0db8:85a3::8a2e:0370:7334.
Many internet service providers now assign both an IPv4 and an IPv6 address to their customers. This is called a dual-stack connection. Both addresses are active at the same time, and websites that support IPv6 will use it preferentially when available.
For VPN users, dual-stack creates a problem: your VPN may only route IPv4 traffic through the tunnel, leaving your IPv6 traffic to travel directly outside the tunnel to its destination. Learn more in our article on what an IP address is and our public versus private IP guide.
What is an IPv6 leak and why does it happen?
An IPv6 leak happens when your device has a public IPv6 address, your VPN only tunnels IPv4 traffic, and the IPv6 traffic leaves your device outside the tunnel. Websites that support IPv6 connect to you using that address instead of IPv4, and your VPN's tunnel never touches the traffic.
What should happen
When you connect to a VPN, all your traffic, both IPv4 and IPv6, should route through the encrypted tunnel. Websites should see the VPN server's IP, not your real address. Your ISP should see only that you are connected to a VPN, not which sites you are visiting or what you are doing.
What happens with most VPNs
Most VPN clients were built around IPv4 when IPv6 was rarely used. They create an IPv4 tunnel but make no provision for IPv6. When you visit a site that supports IPv6, your device connects over IPv6 directly, bypassing the tunnel entirely. The site sees your real IPv6 address and can use it to identify you.
Unlike WebRTC leaks, IPv6 leaks affect all traffic types, not just browser sessions. Any app or service on your device that connects to an IPv6-enabled server can leak your real address through this gap. Read the complete background in our article on IPv6 leaks and VPNs.
What your IPv6 address reveals
Your ISP
IPv6 addresses are assigned in blocks to internet service providers, just like IPv4. A lookup on your IPv6 address will immediately reveal which ISP issued it and the country and region it belongs to. This is often more precise than an IPv4 lookup because IPv6 blocks tend to be assigned to smaller geographic areas.
Your approximate location
Because IPv6 blocks are assigned to specific ISPs in specific regions, your IPv6 address can often reveal your city or metropolitan area. The precision varies by ISP and country, but it is typically at least as accurate as an IPv4 geolocation lookup and sometimes more so.
Your device (in some cases)
Older IPv6 address formats used a method called EUI-64, which embedded part of your network adapter's MAC address directly in your IPv6 address. While modern operating systems use privacy extensions to randomize this, not all devices do. If your device uses EUI-64-derived addresses, your IPv6 address may be tied to your specific hardware.
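To audit your own addresses against the result categories above and the EUI-64 behavior just described, the following Python sketch classifies each address and recovers an embedded MAC where one exists. It is an added example, not code from this page or from the test itself; the function names are hypothetical, the sample addresses are constructed from the 2001:db8::/32 documentation prefix (standing in for real public addresses), and treating everything in 2000::/3 as "public" is an assumption of the example.

```python
import ipaddress

GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")  # range public addresses are issued from

def classify(addr):
    """Place one IPv6 address in a category matching the test's results."""
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone id such as %eth0
    if ip.is_link_local:          # fe80::/10, never routed past the local link
        return "link-local"
    if ip in GLOBAL_UNICAST:      # routable, issued from an ISP's block
        return "public"
    return "non-routable"         # loopback, unique-local (fc00::/7), multicast, ...

def eui64_mac(addr):
    """Return the MAC address embedded in an EUI-64 interface ID, or None.

    Modified EUI-64 inserts ff:fe in the middle of the 48-bit MAC and flips
    the universal/local bit (0x02) of the first byte. A random interface ID
    can contain ff:fe by chance (1 in 65536), so a hit is a strong hint only.
    """
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def verdict(addresses):
    """Overall result for one device, using the page's three outcomes."""
    kinds = {classify(a) for a in addresses}
    if "public" in kinds:
        return "Public IPv6 found"
    if "link-local" in kinds:
        return "Link-local only"
    return "No IPv6 found"  # assumption: other non-routable addresses count as no exposure

# Constructed sample addresses (documentation prefix, made-up MAC).
SAMPLES = [
    "fe80::211:22ff:fe33:4455%eth0",        # link-local, EUI-64 derived
    "2001:db8:85a3:1:211:22ff:fe33:4455",   # public format, EUI-64 derived
    "2001:db8:85a3:1:9c4e:7a10:3bd2:e5f1",  # public format, randomized interface ID
]

if __name__ == "__main__":
    for a in SAMPLES:
        print(f"{a:40} {classify(a):12} embedded MAC: {eui64_mac(a)}")
    print(verdict(SAMPLES))
```

An address that reports an embedded MAC is the case where privacy extensions are not in effect on that interface.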
Who is most at risk from IPv6 leaks?
IPv6 leaks only affect users who have a public IPv6 address on their connection. The risk is higher in countries where IPv6 adoption is advanced:
- United States: Over 50% of connections are dual-stack according to Google's IPv6 statistics. Major ISPs including Comcast, AT&T, and T-Mobile all provide IPv6 by default.
- Germany, Belgium, Switzerland: Among the highest IPv6 adoption rates in Europe. Deutsche Telekom and several Belgian ISPs provide IPv6 by default.
- India, Brazil: Rapidly growing IPv6 deployment as mobile networks (which heavily favor IPv6) account for a large share of traffic.
- Mobile connections globally: 4G and 5G networks frequently assign only IPv6 addresses, using NAT64 to translate IPv4 traffic. These users are always on IPv6 and always at risk from IPv6 leaks.
Run the test above to find out whether your specific connection is dual-stack. The result tells you exactly which IPv6 addresses, if any, are detectable from your browser.
How to fix an IPv6 leak
There are two approaches: disable IPv6 on your device so no IPv6 traffic can leave at all, or use a VPN that explicitly tunnels IPv6 traffic alongside IPv4. Disabling IPv6 is the more reliable fix for most users because it removes the issue at the source regardless of your VPN client's implementation.
Windows
Open Network Connections (search for "ncpa.cpl" in the Start menu). Right-click your network adapter and select Properties. Uncheck "Internet Protocol Version 6 (TCP/IPv6)" and click OK. Repeat for any other active network adapters (Wi-Fi and Ethernet).
To make the same change on every adapter in one step, open PowerShell as Administrator and run:
Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6
macOS
Go to System Settings, then Network. Select your active network interface (Wi-Fi or Ethernet) and click Details. Go to the TCP/IP tab. Change "Configure IPv6" to "Link-local only". Click OK and repeat for all active interfaces.
Link-local only keeps IPv6 available within your local network but prevents your device from using public IPv6 addresses on the internet.
Linux
To disable IPv6 system-wide, add the following lines to /etc/sysctl.conf:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
Then run sudo sysctl -p to apply. Verify with ip -6 addr, which should return no addresses.
Android and iOS
Mobile operating systems do not expose a simple toggle for disabling IPv6. On Android, the most reliable fix is using a VPN app that handles IPv6 explicitly. On iOS, Safari's WebRTC behavior already limits IP exposure, but apps outside the browser may still use IPv6.
On mobile, your best option is to verify that your VPN app tunnels IPv6 or explicitly blocks it, then run this test with the VPN connected to confirm.
After applying a fix
Return to the test at the top of this page and run it again. If you disabled IPv6 correctly, the test should show "No IPv6 address detected." If a public IPv6 address still appears, check whether you have multiple network interfaces or whether your router is re-enabling IPv6.
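On Linux, the multiple-interface check can be done by reading the one-line-per-address output of ip -6 -o addr show and listing which interfaces still hold a routable address. The Python sketch below is an added example, not part of this page or its test; the function name is hypothetical and the sample output is constructed (documentation prefix, made-up interface names).

```python
import ipaddress
import re

# Matches one record of `ip -6 -o addr show`: index, interface, address, scope, flags.
RECORD = re.compile(r"^\d+:\s+(\S+)\s+inet6\s+([0-9a-f:]+)/\d+\s+scope\s+(\S+)([^\\]*)")
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")

def remaining_public(ip_output):
    """Return {interface: [(address, is_temporary), ...]} for routable addresses."""
    found = {}
    for line in ip_output.splitlines():
        m = RECORD.match(line)
        if not m:
            continue
        ifname, addr, scope, flags = m.groups()
        # The kernel also labels unique-local (fc00::/7) addresses "scope global",
        # although they are not routed on the internet, so filter them out.
        if scope != "global" or ipaddress.IPv6Address(addr) in UNIQUE_LOCAL:
            continue
        # "temporary" marks an RFC 4941 privacy address; the others are stable.
        found.setdefault(ifname, []).append((addr, "temporary" in flags.split()))
    return found

# Constructed sample: eth0 is down to link-local, wlan0 was missed by the fix.
TAIL = " \\       valid_lft forever preferred_lft forever"
AFTER_PARTIAL_FIX = "\n".join(line + TAIL for line in [
    "1: lo    inet6 ::1/128 scope host",
    "2: eth0    inet6 fe80::211:22ff:fe33:4455/64 scope link",
    "3: wlan0    inet6 2001:db8:85a3:2:9c4e:7a10:3bd2:e5f1/64 scope global temporary dynamic",
    "3: wlan0    inet6 2001:db8:85a3:2:211:22ff:fe33:4466/64 scope global dynamic mngtmpaddr",
    "3: wlan0    inet6 fd12:3456:789a:2::10/64 scope global",
])

if __name__ == "__main__":
    for ifname, addrs in remaining_public(AFTER_PARTIAL_FIX).items():
        for addr, temporary in addrs:
            kind = "temporary" if temporary else "stable"
            print(f"{ifname}: {addr} still assigned ({kind})")
```

An empty result means no interface holds an address that could leave the device outside the tunnel.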
IPv6 privacy extensions: useful but not a fix
Most modern operating systems include a feature called IPv6 privacy extensions (defined in RFC 4941). Instead of using a fixed IPv6 address derived from your hardware, privacy extensions generate a random IPv6 address that changes periodically, often every few hours or on every new connection.
This prevents your specific device from being tracked across sessions by its hardware-derived address, which is a real improvement. However, privacy extensions do not prevent an IPv6 leak in the VPN sense. Your randomly generated IPv6 address still belongs to your ISP's address block and still reveals your ISP, your approximate location, and the fact that you have an IPv6 connection.
In other words, privacy extensions reduce device-level tracking but do not hide your real network identity from websites that can see your IPv6 address outside a VPN tunnel.
The only complete fixes are disabling IPv6 or using a VPN that tunnels IPv6 traffic. For more background, see our IPv6 leaks and VPNs article.