6 VPN tests to take if your VPN isn’t working properly

A VPN test checks whether your VPN masks your identity and traffic. In fringe cases, your VPN can leak your IP address, DNS requests, or WebRTC data even when it appears connected — exposing your location and activity without you realizing it. These six tests take under 10 minutes total and reveal whether your VPN is truly protecting you — for total peace of mind every time you go online.

How to check if your VPN is working (a 2-minute checklist)

Before running deeper diagnostics, use this quick checklist to confirm whether your VPN (Virtual Private Network) is actually protecting your privacy:

1. Your IP (Internet Protocol) address changes when the VPN is on vs. off.
2. Your DNS (Domain Name System) servers change after connecting to the VPN.
3. No WebRTC (Web Real-Time Communication) leaks detected during testing.
4. Internet speed remains reasonable with minimal slowdown.
5. Previously restricted content is now available.
6. No malware or suspicious behavior detected within the VPN software.

If any of these checks fail, jump to the corresponding test number below to identify and fix the issue.

Test 1: DNS leak test

Time required: ~1-2 minutes

Tools used: a reputable DNS leak testing site and a web browser

If the test fails: your ISP may still track the websites you visit

This test checks whether your DNS requests are routed through the VPN rather than your ISP (Internet Service Provider). It takes about one to two minutes and requires nothing more than a browser and a DNS leak testing website. 

If the test fails, your ISP may still be able to see which websites you visit, even if your IP address appears hidden.

How to run the test

Start by testing your connection without the VPN so you have a baseline for comparison:

1. Turn your VPN completely off.
2. Visit a DNS leak testing website.
3. Note the DNS servers listed (usually provided by your ISP or a public resolver).

Once you have a baseline, repeat the test with the VPN enabled:

4. Connect to any VPN server.
5. Refresh the DNS leak testing website.
6. Check whether the listed DNS servers have changed.

For extra confidence, repeat the test using a different VPN server or another browser.

Interpreting the results

If the VPN is working correctly, the DNS servers should no longer be associated with your ISP. They will either belong to the VPN provider or to a trusted third-party resolver used by the VPN.

Seeing your ISP’s DNS servers after connecting to the VPN strongly suggests a DNS leak.

Common fixes

Most DNS leaks can be resolved by enabling DNS leak protection in the VPN app, restarting the device to clear cached network settings, or disabling browser-level DNS features that override system DNS behavior. 

In some cases, manually changing DNS settings according to the VPN provider’s documentation is necessary.

Test 2: IP address leak test

Time required: ~1-2 minutes

Tools used: any IP checking site and a web browser

If the test fails: your regular IP address and location may be exposed

This test checks if your regular IP address is fully masked when the VPN is active. It takes about one to two minutes and only requires a browser and an IP-checking website. 

If this test fails, your regular location and your ISP’s name are still visible, which undermines the core purpose of using a VPN. It also puts your privacy at risk, as there are plenty of harmful things someone can do with your IP.

How to run the test

You’ll start by checking your regular connection so you have something to compare against later:

1. Disconnect your VPN completely.
2. Visit an IP-checking website.
3. Note your IP address, ISP name, and reported location.

With that baseline in mind, repeat the test while connected to the VPN:

4. Connect to a VPN server in a different country or region.
5. Refresh the IP-checking page. 
6. Compare the new IP address, ISP, and location to the previous results.

Testing a second VPN server can help rule out server-specific issues.

Interpreting the results

A working VPN will replace your real IP address with one assigned by the VPN server, and the ISP name should change accordingly. Country-level location should match the VPN server region, though city-level mismatches are common due to imperfect geolocation databases.

If your original IP address or ISP information remains visible, you’re most likely dealing with an IP leak.

Common fixes

IP leaks can be caused by split tunneling, disabled kill switches, or IPv6 traffic bypassing the VPN. Disabling split tunneling, enabling the kill switch, switching VPN protocols, or disabling IPv6 (recommended) usually resolves the issue.

Test 3: WebRTC leak test

Time required: ~1-2 minutes

Tools used: a WebRTC leak testing site and a modern web browser

If the test fails: your browser may leak your local network details and the IP address

This leak test checks whether your browser exposes IP information via WebRTC, a technology used for real-time communication such as video calls (and sometimes gaming). This test takes about one to two minutes to complete and requires a browser and a WebRTC leak testing site. 

If it fails, your real IP or local network details may be exposed during browser-based activity.

How to run the test

Begin by observing what information is exposed without the VPN:

1. Disconnect your VPN.
2. Visit a WebRTC leak testing website.
3. Note any IP addresses shown.

Then repeat the test with the VPN enabled:

4. Connect to your VPN.
5. Refresh the WebRTC test page.
6. Check whether your real or local IP addresses are still visible.

Running the test in multiple browsers can help identify browser-specific behavior.

Interpreting the results

When the VPN is working properly, the test should show only the VPN’s IP address or no IP addresses at all. If your regular public IP or local network IP appears, WebRTC is bypassing the VPN tunnel.

Common fixes

WebRTC leaks are usually addressed by disabling WebRTC in browser settings, installing browser extensions that limit WebRTC behavior, or using a VPN that blocks WebRTC traffic automatically. Browser choice can also matter, as WebRTC handling differs across them.

Test 4: VPN speed test

Time required: ~2-3 minutes

Tools used: a speed testing site

If the test fails: the VPN may be too slow for everyday use

A VPN speed test helps you understand how much impact the VPN has on performance and whether your current server or settings are optimal. The test takes around two to three minutes and requires a standard internet speed testing site. 

If results are poor, everyday activities like streaming, gaming, or video calls may be affected.

How to run the test

First, establish a baseline speed without the VPN:

1. Disconnect your VPN.
2. Run a speed test and note download speed, upload speed, and latency.

Next, repeat the test with the VPN enabled:

3. Connect to your preferred VPN server.
4. Run the same speed test again.
5. Compare the results to your baseline.

Trying multiple VPN servers or testing at different times of day can provide a more accurate picture.

Interpreting the results

After connecting to a VPN, some slowdown is expected due to encryption and routing. A small to moderate (10-50%) reduction is normal, while severe (50%+) drops often point to congestion, distant servers, or inefficient protocols rather than a broken VPN.

Common fixes

Performance issues can often be improved by choosing a server closer to your physical location, switching to a faster protocol like WireGuard, avoiding peak usage hours, or using a wired (Ethernet) connection instead of Wi-Fi.

Test 5: VPN malware and integrity check

Time required: ~2-3 minutes

Tools used: a virus scanning service

If the test fails: the VPN software may be unsafe or compromised

This test evaluates whether the VPN software itself is potentially malicious or compromised. It takes about two to three minutes and requires access to a multi-engine malware scanning service.

If this test fails, the VPN software could pose a direct security or privacy risk.

How to run the test

Rather than scanning an installed app, you’ll scan the installer file itself:

1. Download a VPN installer from the provider’s official website.
2. Do not install it yet.
3. Upload the installer file to a malware scanning service.
4. Wait for the scan to complete and review the results.

Interpreting the results

If no engines flag the file, the installer is unlikely to contain known malware. Multiple detections, especially from reputable scanning engines, suggest the software may be unsafe.

It’s important to note that a clean scan does not guarantee strong privacy practices, as many VPN risks come from logging or data collection rather than malware.

Common fixes

If an installer is flagged, don’t run it and choose a different provider instead. Stick to official download sources, look for independent security audits, and be cautious of VPNs that heavily rely on free offerings without a clear business model.

Test 6: Secure access on restricted networks

Time required: ~1-2 minutes

Tools used: a web browser and a list of blocked or restricted websites

If the test fails: the VPN may not work on censored or blocked networks

This test checks whether your VPN can access content restricted by oppressive censorship, autocratic regional blocks, and network firewalls. It takes about one to two minutes and requires only a browser and the URLs of content that is normally inaccessible on your network. 

If the test fails, the VPN may not work reliably on restricted connections.

How to run the test

Start by confirming that the restriction exists without the VPN:

1. Disconnect your VPN.
2. Attempt to access a website or service known to be blocked on your network.
3. Confirm that access is restricted or unavailable.

Then repeat the attempt with the VPN enabled:

4. Connect to a VPN server in an unrestricted region.
5. Try accessing the same content again.
6. Check whether the site loads and functions normally.

Interpreting the results

If the content becomes accessible, the VPN has successfully bypassed the restriction. If it remains blocked, the network may be actively detecting and blocking VPN traffic.

Common fixes

When bypassing restrictions fails, switching servers, changing protocols, or enabling obfuscation features (if available) often helps. In heavily restricted environments, not all VPNs are effective.

Disclaimer: Please note that using Surfshark services for any illegal activities is strictly forbidden and violates our Terms of Service. Make sure that any use of Surfshark services for your particular activities conforms to all relevant laws and regulations, including those of any service providers and websites you access using Surfshark.

What to do if VPN tests fail

If one or more VPN tests fail, it doesn’t automatically mean your VPN is broken or unsafe. Most problems are caused by temporary network conditions, conflicting settings, or software interference. 

Working through the steps below in order will resolve the majority of issues without the need for advanced configuration.

Start with basic troubleshooting

These steps address the most common causes of a VPN not working properly and are quick to test. Even experienced users should start here, as many problems are surprisingly simple.

1. Change VPN servers and reconnect. Individual servers can become overloaded, blocked, or temporarily unstable. Switching locations often restores normal behavior.
2. Switch VPN protocols in the app settings. Different protocols behave differently across networks. If one struggles to connect or pass traffic, another may work immediately.
3. Update the VPN software. VPN apps rely on system-level networking components, which can break after operating system updates if the app is outdated.
4. Check your underlying internet connection. Disconnect the VPN and confirm that websites load normally. A VPN cannot function reliably on an unstable base connection.
5. Restart your device. Restarting clears cached network state and resets adapters, resolving many issues.

If the VPN won’t connect or keeps disconnecting

When a VPN fails to establish or maintain a connection, the cause is often external interference rather than a fault with the VPN itself.

Begin by checking for conflicts:

1. Temporarily disable antivirus or firewall software and test the connection. Some security tools block or inspect encrypted traffic, preventing VPN tunnels from forming correctly.
2. Make sure no other VPN software is installed or running. Multiple VPNs competing for control of the network stack can cause persistent connection failures.
3. Try connecting from a different network. Switching to a mobile hotspot can help determine whether the original network is restricting VPN traffic.

If the VPN works on another network, the issue is almost certainly related to network-level filtering or restrictions.

If your VPN says connected but still doesn’t work

In some cases, a VPN reports a successful connection even though traffic is not actually being routed through the tunnel. This usually happens when system settings, browser features, or security software override the VPN’s routing rules.

If your VPN appears connected but tests still fail, focus on the following checks:

1. Run a full malware scan on your device. Malicious software can interfere with network routing or hijack DNS requests.
2. Update your operating system and network drivers. Outdated drivers can prevent VPN tunnels from passing traffic correctly, even when the connection appears active.
3. Temporarily disable security software and test again. If the VPN works while disabled, you’ll need to add exclusions or adjust settings rather than leave it off permanently.

After each change, reconnect to the VPN and rerun the relevant tests to confirm that traffic is now routed correctly.

Resolving persistent leaks (DNS, IP, or WebRTC)

If leak tests consistently fail, the issue is usually caused by system-level or browser-level features bypassing the VPN tunnel.

To check for these:

1. Enable all available leak protection features in the VPN app. This typically includes DNS leak protection, a kill switch, and IPv6 handling.
2. Review split tunneling settings carefully. Any traffic excluded from the VPN can appear as a leak during testing.
3. Disable IPv6 if your VPN does not fully support it. On some systems, IPv6 traffic can bypass the VPN entirely.
4. Check browser-specific network features. Settings such as DNS over HTTPS or WebRTC can override system routing and must be configured carefully.

Once changes are made, restart the device and repeat the relevant leak tests.

Addressing slow speeds and performance issues

Slow performance does not necessarily mean the VPN is malfunctioning. Speed is influenced by server distance, congestion, protocol choice, and local network conditions.

To troubleshoot slow VPN speeds:

1. Connect to a VPN server closer to your physical location. Shorter distances generally result in lower latency and higher speeds.
2. Switch to a faster VPN protocol if available. Modern protocols typically outperform older ones in both speed and stability.
3. Close bandwidth-intensive applications while testing. Background downloads or streaming can significantly affect results.
4. Test performance at a different time of day. Peak usage hours can impact both VPN servers and your ISP.

When to contact support

If none of the above steps resolve the problem, the issue may be account-specific or related to the VPN service itself.

At this point, contacting the VPN provider’s support team is the most effective option. Providing details such as which tests failed, error messages, and the steps already taken will help resolve the issue more quickly.

Conclusion: should you always keep your VPN on?

A VPN is only useful if it actually does what you expect it to. Occasionally running these six VPN tests helps confirm that your traffic is protected, your settings aren’t leaking, and your connection behaves as intended. A few quick checks can make the difference between assumed protection and a real one.

FAQ

How do I know if my VPN is working correctly?

Run DNS, IP address, and WebRTC leak tests with your VPN off, then repeat them with it turned on. If the results change and show VPN server information instead of your regular details, your VPN is working correctly.

How often should I test my VPN?

Test your VPN after installation, updates, or device changes, and whenever you notice connection issues or unusual behavior. Regular testing helps ensure your privacy protection remains reliable.

How can I test my VPN for free?

You can use free IP-checking and DNS-leak testing tools to confirm your connection is encrypted, and your regular location is not exposed.

How do I fix VPN connection issues quickly?

Start by switching servers, restarting the app, and verifying your internet connection. If problems persist, updating the VPN app or temporarily disabling conflicting network settings usually resolves the issue.

Can antivirus software interfere with VPN testing?

Yes, some antivirus programs can block VPN traffic or interfere with leak tests. Temporarily disable antivirus software during testing, or use integrated security solutions that are designed to work together.

How does a VPN affect internet speed?

A VPN may slightly reduce speed due to encryption and the need to route traffic through a secure server. Choosing a nearby server and a modern protocol usually minimizes potential slowdowns.

How do I check if my VPN is working on my Android?

After connecting, check that the VPN key or status icon appears and verify your IP address has changed. You can also run IP and DNS leak tests to confirm that apps and browsers are routing traffic through the encrypted connection.

How do I check if my VPN is working on my iPhone?

Look for the VPN indicator in the status bar and confirm the connection in your VPN app’s settings. Then, run a DNS leak test, IP leak test, and WebRTC leak test to verify that your traffic routes through the VPN connection.