An IPv6 leak occurs when your real IPv6 address becomes visible to websites and services whilst your VPN or proxy masks only your IPv4 address. Since most VPN applications were developed when IPv4 dominated, many fail to route IPv6 traffic through their encrypted tunnels, leaving your genuine address exposed.
Why this matters: websites can correlate your revealed IPv6 address with your masked IPv4 to identify you, defeating the privacy purpose of using a VPN. Internet service providers and network administrators can also track your activity using this unencrypted IPv6 traffic.
Common scenarios where leaks happen:
- VPN software that lacks IPv6 support or disables it incompletely
- Operating systems that prefer IPv6 connections when both IPv4 and IPv6 are available
- WebRTC (web real-time communication) protocols used by browsers, which can expose IPv6 addresses in peer-to-peer connections
- DNS over IPv6 queries that bypass your VPN's DNS protection
How to check for leaks: use online IPv6 leak testing tools that display all IP addresses your browser reveals. Most will show your real address, VPN address, and any leaked addresses side by side.
Prevention steps: ensure your VPN provider supports and enables IPv6 protection, disable IPv6 in your operating system network settings if your VPN lacks IPv6 support, or use a VPN that explicitly tunnels all IPv6 traffic. Check your browser's WebRTC settings and disable it if privacy is critical. Test regularly using dedicated leak checkers.