Some VPN setups only tunnel IPv4 traffic. If your normal network also provides IPv6, websites can still see an IPv6 route that belongs to your home ISP or mobile carrier. Seeing IPv6 on its own is not always a leak. The real question is whether that IPv6 route still belongs to your original network after the VPN connects.
This test probes an IPv6-only endpoint and enriches any exposed IPv6 address with provider, ASN, and location context.
Start the test to see whether your browser can reach an IPv6-only address.
Loaded during the test.
Run the test to probe IPv6 connectivity.
No IPv6 exposure is usually safe for VPN leak testing.
| Check | Result | Meaning |
|---|---|---|
| Visible IP route | Not checked yet | The normal route this site sees. |
| IPv6-only route | Not reachable | No browser-accessible public IPv6 route was detected. |
| IPv6 provider | None detected | Compare this provider with the VPN location you expect. |
Best use: run once without a VPN, connect the VPN, then run again. If IPv4 changes to the VPN but IPv6 still belongs to your home ISP or mobile carrier, your setup is leaking IPv6.
Important nuance: if your VPN provider supports native IPv6 well, seeing an IPv6 result is not automatically a failure. The failure is when the IPv6 result still maps back to your normal ISP or your expected non-VPN route.
This is why a simple IP change check is not enough. You want the visible route, DNS behavior, and browser behavior to tell a consistent story after the VPN connects.
If you need a broader privacy check after fixing IPv6 behavior, continue into the full VPN verification checklist.
If your VPN does not handle IPv6 at all, disabling IPv6 on the device prevents leaks at the source. Only do this if your VPN has no built-in IPv6 leak protection.
Set-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6 -Enabled $false. To re-enable later, change $false to $true.net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf and run sudo sysctl -p.After disabling IPv6, rerun the homepage IP checker to confirm only IPv4 is visible, then continue with the VPN verification wizard.
If your provider cannot pass repeat IPv6 tests cleanly, treat that as a product limitation, not just a one-time glitch. It is often faster to compare a stronger provider and retest than to keep patching around a weak implementation.
If your IPv6 address appears while connected, the tunnel is not covering IPv6 traffic. Pick a VPN that blocks or routes IPv6 so it cannot expose you.