How to Test Your VPN

There are two types of VPNs: those that work and those that don’t. Some users distinguish between the two by comparing free and paid VPN services. That is surely an oversimplification, but the point is that not all VPNs work equally well. Just because you can unblock a site does not mean the VPN is protecting you from prying eyes.

But the question remains: how to test if your VPN is working? Well, we have some answers.

How to test if your VPN is working

To ensure online protection, one needs to understand what does it mean to test a VPN. A VPN tunnel is either up or down – as simple as an on/off switch. But even when it’s up, it still can have vulnerabilities that hackers can potentially exploit.

To put it simply: most hackers take advantage of any imperfections a computer system has. Software engineering is a very complex process, and the result is never flawless. Mistakes are inevitable, but not necessarily dangerous. Programs are scrupulously tested before being released, especially when it comes to security features. If a bug is left out and results in a software glitch, it creates an open window for unauthorized parties to enter the system. But it does not mean everything is exposed! Hackers can only access what is available to them. For example, the addresses of sites you visit, but not the exact contents.

No system is created to withstand every possible attack on Earth. VPNs are no exception. However, there are some vulnerabilities worth testing if you don’t want to jeopardize your privacy. So let’s see how to perform basic VPN checks.

Test my VPN encryption strength

Encryption is included in every VPN service, it is an absolute must-have. Ciphering is a fundamental security feature in all telecommunications. Without it, no system can be safe. But how to test your VPN security? By trying to peek into your network traffic.

To carry this out, you need to use a program to intercept and analyze data. Wireshark is a popular and free solution. It is a complex tool, but let’s demonstrate how to use it simply. First, download and install it – shouldn’t be too hard, you can safely leave any additional options default. Then, open it and on the first screen choose a network interface to capture data from. It is normal to have several of them. They correspond to wired, wireless, and virtual online connections. You need to choose the one you normally use for Web surfing.

Your device most probably sustains a number of Internet activities in the background, which will all be cluttering your view when looking into the data packets. To simplify things, do the following:

1. Choose an unprotected page to be able to sniff its content, without being blocked by HTTPS protocol. A good example for this test is NeverSSL.
2. Start the capture in Wireshark by double-clicking the chosen interface on the welcome screen.
3. Quickly reload the test page (CTRL+F5 in Windows browsers or Option+Command+R on Apple’s Safari).
4. Stop the capture immediately after the page is refreshed.

Remember that the faster you do this, the shorter the list will be and easier to handle. The result is shown in three sections: a list of packets sent and received, decoded contents of a selected packet, and raw data bytes.

Scroll through the displayed list to find the packet with web content. It will have the value ‘HTTP’ in the column Protocol. The Info section should contain the data format: ‘text/html’ in this example. Select it and find HTML text in the middle section, as shown on the screenshot. If you can see this – then there is no encryption applied.

Now perform the same steps with your VPN app enabled. There should be no HTTP protocol at all:

This list was made with tuxlerVPN software and NeverSSL as a test page. No packet has plainly visible website contents. Security protocols applied were ISAKMP and TLSv1.2, which is one of many possible combinations in VPN implementations. Information about malformed packets means that Wireshark couldn’t analyze the encrypted data.

Test my VPN location

VPN uses IP masking in order to hide the user’s address. It replaces your IP with that of one of its VPN servers. What does it have to do with your VPN location test?

The global pool of IP addresses is shared and managed by various Internet entities. Groups of addresses are assigned to specific Internet Service Providers, who distribute them in their geographical regions. Information about assignments is public. To test your VPN server location, you can use websites like WhatIsMyIPAddress.com or IP2Location. They retrieve the user’s IP and look up its geolocation. With VPN disabled, you should receive information about your real location or a city nearby. If you connect through a safe and correctly working VPN tunnel, the location you will see will be fake as it will be the location of one of the servers your VPN is using. 

The services mentioned above access databases containing IPs and other data vital for the organization of the whole Internet. By default, they present your IP as seen from the outside world. They can also provide information about any public IP there is. IP lookup is quite simple, many VPN providers include it on their websites. The easiest way to check if a VPN is working is to visit one’s website, like the homepage of TuxlerVPN. When connected to a secured server, you will see a random IP address on the top of the site’s homepage. Otherwise, it will display your IP.

Test my VPN speed

This is a crucial aspect of any Internet connection. Nobody likes lagging and slow loads! But safety is always more important than speed. VPN must encrypt your transfer, and send it to a remote server where it gets decrypted and relayed to the real destination. This inevitably takes time. Manufacturers strive to minimize the computing overhead by optimizing their apps and servers. However, in identical conditions, a connection with VPN enabled will always be slower than the one without it. The provider could also provide limited data rates for cheaper subscription plans.

So, how to test my VPN connection speed? No surprise here: under ideal circumstances, the Internet speed with VPN and without it should be the same. There are plenty of free online services dedicated to measuring connection speed. Examples are Measurement Lab and Speedcheck. They perform a series of downloads and uploads to a chosen server and give the result (usually in Mbps) after several seconds. If you need more insight, use a test allowing you to choose a server location manually, like Speedtest. This way you can get an idea about transfer speed from various regions of the world. Remember that this is an estimation, not a constant value. It depends on the distance to the server, its current load, the complexity of your request, and background processes performing online activities on your computer.

Is my VPN leaking test

There are two possible issues with VPN which might be considered flaws. The first is a DNS leak. Online activities often require translation of domain names, which is carried out by Domain Name System queries. Despite being connected to a VPN, it is possible to contact a DNS server supplied by the ISP. This means that a list of web pages you visit can ‘leak’ to unauthorized hands.

The other VPN leak to check is WebRTC (Real-Time Communication). It is a feature of modern browsers that allows them to communicate directly and with minimal delay. It is used for multiplayer gaming, online meetings, and webinars. Such a straight channel requires exchanging public IP addresses. Alas, this is a security loophole, because WebRTC can bypass the encrypted VPN tunnel. A potential attacker can use this technique to obtain the true IP of someone hiding behind a VPN.

Not all VPN providers have implemented means of preventing those vulnerabilities. So, how to test my VPN leaks? By using one of the specialized online services. Try dnsleaktest.com or dnsleak.com. They send a series of domain names to resolve. The computer queries a DNS server, which is shown as a test result. If it is the same server (supplied by the ISP) regardless of whether a VPN tunnel is up, then there is a DNS leak. An online app on the BrowserLeaks site can perform a WebRTC leak check. Turn the VPN on and do the test. If the returned IP is the same as your true IP, then you have a WebRTC leak.

Those who treat online security seriously know that any VPN solution needs to earn its users’ trust. Popularity and marketing claims on a website do not guarantee safety, unfortunately. Now you know how to carry out basic tests yourself. Make sure you chose a reliable VPN and browse safely!

BackNext article