VPNRank.io

Is My VPN Working?

Run the guided check below to find out in under a minute. It shows the IP address and location websites currently see, asks you to confirm whether that's really you, then tests for WebRTC leaks and timezone inconsistencies — and ends with a clear verdict: WORKING, LEAKING, or NOT CONNECTED.

Check 1 of 3 — Your public IP & location

Check 2 of 3 — WebRTC quick check

Waiting for check 1 — answer the location question above to start.

Check 3 of 3 — Timezone consistency

Compares your device timezone with your IP's timezone once the checks above finish.

The 5 Signs a VPN Isn't Working

A VPN can look perfectly healthy — app open, button green, "Connected" in the menu bar — while protecting nothing. The app status only tells you the software thinks a tunnel exists; it says nothing about what your traffic is actually doing. These are the five failure modes we see most often, and the reason this page tests from the outside rather than trusting the app:

SignWhat's happeningHow to catch it
1. Real IP visibleThe tunnel never formed, or traffic bypasses it entirelyCheck 1 above — the location question
2. WebRTC leakThe browser hands out your real address around the VPNCheck 2 above, or the full WebRTC test
3. DNS leakLookups still go to your ISP's DNS servers, exposing every site you visitA dedicated DNS leak test
4. Silent dropsThe tunnel dies mid-session and traffic continues unprotectedA kill switch test (see below)
5. Fingerprint mismatchYour device timezone or language contradicts your VPN locationCheck 3 above — timezone consistency

The first sign is the fatal one. If websites can see your real IP address, nothing else the VPN does matters — encryption of a tunnel your traffic isn't using protects nobody. That's why the checker above starts there, and why our What Is My IP tool is the single most useful bookmark for any VPN user. Signs two and three are sneakier: your main connection is masked, but a side channel — the browser's WebRTC stack, or the operating system's DNS resolver — quietly reports back to your real network. A dedicated DNS leak test is coming to vpnrank.io soon; until then, signs one, two, and five are all testable on this page in under a minute.

How to Read Your Verdict

The checker combines your answer and the two automatic checks into one of three verdicts. Here is exactly what each one means and what to do next:

VerdictWhat it meansWhat to do
WORKINGYour IP shows the VPN server's location, and WebRTC revealed no other public addressNothing — optionally fix a timezone mismatch if you care about fingerprinting
LEAKINGThe main tunnel works, but WebRTC exposed a different public IP — very likely your real oneEnable WebRTC protection in your VPN's browser extension, or disable WebRTC; re-test
NOT CONNECTEDYou confirmed the detected location is really yours — the VPN isn't masking anythingReconnect, disable split tunneling for your browser, and run the check again

One honest caveat: no browser-based test can prove a VPN is perfect. We can see what your browser exposes to websites — which is what matters most — but we can't see inside your operating system's routing table or watch what happens when your Wi-Fi blips at 2 a.m. A WORKING verdict means you pass the checks any website could run against you right now. For the full picture of how a VPN behaves under stress, that's what our lab methodology is for, and our step-by-step guide to testing your VPN walks through every manual check in depth.

What Each of the Three Checks Actually Tests

Check 1: IP and location — why we ask you

The first check fetches the public IP address your connection presents to every website, plus the city and country it geolocates to. Then it asks you a question no algorithm can answer: is that where you really are? Geolocation databases are accurate at country level but fuzzy at city level, and we have no way of knowing your true location — nor should we. You do, instantly. If the page says Amsterdam and you're on a sofa in Manchester, your VPN is masking you; if it names your actual city, it isn't. This human-in-the-loop step is more reliable than any datacenter-name heuristic, because some VPN exits deliberately use residential-looking addresses. To dig into any specific address — yours or a server's — use the IP address lookup.

Check 2: the WebRTC quick check

WebRTC is the browser technology behind in-page video calls. To connect two peers directly, it asks a STUN server "what address do I appear from?" — and historically, browsers would hand the answer, including your real IP, to any webpage that asked, even with a VPN connected. Our check runs the same request a malicious page would: it gathers your browser's WebRTC candidate addresses and compares any public ones against the IP from check 1. Modern browsers mask local addresses with anonymized .local mDNS names, so most people pass — but a VPN misconfiguration can still expose the real address. If this check fails, the full WebRTC leak test shows every candidate address and the exact fix for your browser, and our WebRTC leak glossary entry explains the mechanism in depth.

Check 3: timezone consistency

Any website can read your device's timezone with a single line of JavaScript — no permission prompt, no warning. If your IP says New York but your device says Europe/Rome, a site fingerprinting its visitors knows something doesn't add up. This won't unmask your identity by itself, and it never changes your verdict — but it's exactly the kind of signal streaming platforms and payment processors use to flag VPN users. If passing as local matters for what you do, set your device timezone to match your VPN server's region before you browse.

The Kill Switch: Protection for the Moment Your VPN Fails

Everything this page tests is a snapshot: your VPN's state right now. But VPN connections drop — when your laptop wakes from sleep, when you switch from Wi-Fi to mobile data, when a server restarts. In that gap, your operating system helpfully falls back to the regular connection, and every open app continues talking with your real IP. You usually notice nothing.

A kill switch closes that gap: it blocks all internet traffic the instant the tunnel dies, so nothing escapes unprotected while the VPN reconnects. It's the difference between a VPN that works when conditions are perfect and one that protects you when they aren't. Every provider we recommend ships one, but defaults vary — some enable it out of the box, others hide it behind a settings toggle. Turn it on, then verify it actually fires with our step-by-step VPN kill switch test. A kill switch you've never tested is a hypothesis, not a safety net.

If you leave this page with one habit, make it this: treat "VPN on" as a claim to verify, not a fact. The full routine — IP check, WebRTC, DNS, kill switch — takes about two minutes, and this page automates the first three signals for you.

What to Do If Your VPN Failed the Check

Work through these in order — most failures resolve at step one or two:

  1. Reconnect properly. Fully disconnect in the VPN app, wait five seconds, reconnect to a different server, then run this check again. Transient drops and half-dead connections cause most NOT CONNECTED verdicts.
  2. Check split tunneling. If your VPN has a split tunneling or "bypass" list, make sure your browser isn't on it — a browser routed outside the tunnel shows your real IP no matter how healthy the VPN is.
  3. Fix WebRTC. For a LEAKING verdict, install your provider's browser extension (most include WebRTC protection) or disable WebRTC in your browser's settings, then confirm with the full WebRTC leak test.
  4. Enable the kill switch so the next silent drop doesn't expose you for minutes before you notice.
  5. If it keeps failing, change providers. A VPN that repeatedly fails basic exposure checks is not worth troubleshooting forever. In our lab testing, NordVPN, ExpressVPN, and Surfshark passed every leak and kill switch test we threw at them; the complete comparison is in our best VPN rankings. All of our top picks offer 30-day money-back guarantees, so you can run this exact page against a new provider risk-free.

VPN Testing Questions, Answered

How often should I check that my VPN is working?

Run a check whenever the stakes change: after installing or updating the VPN app, after changing any setting, when joining an untrusted network like hotel or airport Wi-Fi, and before doing anything you specifically need the VPN for. Connections that worked yesterday can fail today — an app update can reset your split tunneling rules, and a new browser version can change WebRTC behavior.

Can a VPN say "Connected" and still not protect me?

Yes — that's the whole reason this tool exists. The app status reflects the tunnel's handshake, not your traffic's actual path. Split tunneling exclusions, IPv6 traffic escaping an IPv4-only tunnel, WebRTC side channels, and DNS requests routed outside the VPN can all leak while the app shows a reassuring green checkmark. Trust external checks, not the app.

Why does the tool ask me if the location is real instead of deciding itself?

Because you are the only reliable source for that fact. Software can guess from network names — a datacenter ISP suggests a VPN, a consumer ISP suggests a home connection — but the guess fails on residential-style VPN exits and corporate networks. You know in half a second whether "Frankfurt, Germany" is where you're sitting. Asking beats guessing.

The verdict says WORKING but a streaming site still blocks me. Why?

Masking your IP and defeating a streaming platform's VPN detection are different problems. Platforms maintain blocklists of known VPN server addresses, so a perfectly working VPN can still be recognized and blocked. Switching to a different server from the same provider usually helps, and fixing a timezone mismatch (check 3) removes one more detection signal.

Is a timezone mismatch actually a problem?

It depends on your goal. For basic privacy — hiding your browsing from your ISP or a public Wi-Fi operator — it's irrelevant. For appearing local to a website, it's a real tell: your IP claims one country while your device clock says another. Fingerprinting scripts combine dozens of such signals. If it matters, align your device timezone with the VPN server's and re-run the check.

Do I need to test on every device separately?

Yes. A VPN's state is per device — and sometimes per app. Your laptop can be fully tunneled while your phone sits exposed on the same Wi-Fi, and a browser with a VPN extension protects only that browser, not the rest of the system. Open this page on each device you rely on. If you run the VPN on your router instead, one test from any device behind it covers everything on that network.

Does this page send my data anywhere or store my results?

No. The IP check calls our own endpoint (which every website you visit effectively performs anyway), the WebRTC check runs entirely inside your browser against a public STUN server, and the timezone comparison happens locally. We don't store your answers, your addresses, or your verdict.

Failed the Check? Your VPN Failed You

Every VPN in our rankings passed these exact tests — IP masking, WebRTC, DNS, kill switch — on real hardware. See the VPNs we actually tested and stop guessing.

See Our Top-Rated VPNs

8 VPNs benchmarked on real hardware — see how we test.