A VPN that is not working correctly offers a false sense of security. Your real IP address, DNS queries, or WebRTC traffic may be leaking without any visible warning. Here is a systematic, step-by-step method to verify your VPN is actually protecting you β starting with a free check on whatsmy.fyi.
Step 1: Check Your IP Address Before and After
The most fundamental VPN test is comparing your IP address with and without the VPN active.
- Disconnect your VPN completely. Visit whatsmy.fyi and note your real IP address and location shown at the top.
- Connect your VPN and choose a server location (e.g., Germany).
- Reload whatsmy.fyi. The IP address shown should now be completely different β it should belong to your VPN provider, and the location should match the server you connected to.
If the IP address did not change, your VPN is not routing your traffic correctly. This can happen due to a split-tunnel configuration, a kill switch that blocked the connection, or the VPN client failing to establish a tunnel.
Step 2: Verify the ISP Has Changed
Beyond the IP address, check the ISP (Internet Service Provider) field on whatsmy.fyi. With a working VPN, the ISP should display your VPN provider's name β NordVPN, ExpressVPN, Mullvad, ProtonVPN, etc. β rather than your home internet provider (Comcast, BT, Vodafone, etc.).
If the ISP still shows your real provider even though the IP changed, you may be connecting through a misconfigured proxy rather than a true VPN tunnel. Learn more about what ISP data reveals about your connection.
Step 3: Check for WebRTC Leaks
WebRTC is a browser technology that can expose your real IP address even when you are connected to a VPN. This is one of the most common and dangerous VPN failures because it happens silently inside your browser without any indication.
On whatsmy.fyi, the WebRTC Leak Test card runs automatically. It compares the IP your browser reports via WebRTC with the IP your VPN is showing. If they match, you are safe. If they differ β specifically if WebRTC shows your home IP β your VPN has a WebRTC leak.
Read the full explanation of how WebRTC leaks work and how to fix them. You can also follow our dedicated WebRTC leak testing guide.
Step 4: Test for DNS Leaks
DNS leaks happen when your device sends DNS queries to your home ISP's DNS servers instead of routing them through the VPN. This allows your ISP to see every domain you visit, even though they cannot see the content.
A DNS leak is particularly common on Windows, which has a feature called "Smart Multi-Homed Name Resolution" that can bypass VPN DNS settings. To test:
- Use a dedicated DNS leak test tool (dnsleaktest.com or ipleak.net).
- With your VPN connected, run the extended test.
- The DNS servers listed should belong to your VPN provider, not your ISP. If you see your ISP's DNS servers, you have a DNS leak.
Step 5: Check That TLS Is Properly Encrypted
While not specific to VPN testing, verifying that your connection uses modern TLS 1.3 encryption confirms that traffic leaving the VPN tunnel is encrypted end-to-end. On whatsmy.fyi, the Connection card shows your TLS version. TLS 1.3 is the current standard; anything below TLS 1.2 is outdated.
Step 6: Check the VPN / Proxy Detection Card
whatsmy.fyi includes a VPN / Proxy Detection card that cross-references your current IP against a database of known VPN provider ASNs. If your VPN is working and the provider is in our database, it will show "VPN detected". This confirms that external websites also recognise your connection as a VPN.
Note: if your VPN uses residential IPs (a privacy feature offered by some premium providers), it may not be detected here β but that does not mean it is not working. Learn how VPN detection works in depth.
Common Reasons a VPN Stops Working
- Kill switch activated: The VPN disconnected and the kill switch blocked all traffic. Reconnect the VPN and re-run the tests.
- Split tunneling misconfigured: Only some apps are routed through the VPN. Your browser may not be included.
- Protocol fallback: The VPN fell back from WireGuard to OpenVPN or another protocol after a connectivity issue, potentially exposing different metadata.
- DNS leak on Windows: Smart Multi-Homed Name Resolution bypasses VPN DNS. Disable it in Group Policy or use a VPN that enforces its own DNS.
- WebRTC not blocked: Most VPN browser extensions do not block WebRTC by default. You need a dedicated browser extension or a VPN client that handles this.
Quick VPN Verification Checklist
- IP address changed to VPN server location β
- ISP shows VPN provider name, not home ISP β
- WebRTC shows VPN IP, not home IP β
- DNS queries go through VPN DNS servers β
- TLS 1.3 active β
- VPN detection card shows "VPN detected" β
Run all six checks together by visiting whatsmy.fyi with your VPN connected. The dashboard gives you IP, ISP, WebRTC leak status, and VPN detection in a single page β the fastest way to confirm your VPN is actually working.
Frequently Asked Questions
My IP changed but my location still shows my home city β is my VPN working?
IP geolocation databases can be slow to update. If you connected to a VPN server in Frankfurt but the location still shows your home city, the geolocation database may not yet have updated its records for that IP. Check the ISP field β if it shows your VPN provider, the tunnel is working correctly. Read more about how IP geolocation works.
Does a VPN guarantee I am anonymous?
No. A VPN hides your IP from websites and prevents your ISP from seeing which sites you visit. However, you can still be tracked via browser fingerprinting, cookies, logged-in accounts, and WebRTC leaks. A VPN is one layer of privacy β not complete anonymity.
How often should I test my VPN?
Test after every VPN app update, after switching servers, and periodically if you rely on the VPN for sensitive activity. VPN clients can silently fail after OS updates or network changes.
