I see addresses ending in .local — is that a leak?

No. Modern browsers hide LAN IPs behind mDNS hostnames by default, which is the intended privacy-preserving behaviour.

My VPN is on but a public IP shows here — why?

Some VPN apps only route HTTP traffic and leave UDP-based WebRTC on the default interface. Check your VPN's kill switch or WebRTC setting.

Does the tool send my IP anywhere?

The IP is gathered by your browser using public STUN servers and displayed here in JavaScript. CheckMySys does not log it.

WebRTC Leak Test

How the WebRTC leak test works

Click Start leak test. The tool opens anRTCPeerConnection configured with public STUN servers (Google and Cloudflare). The browser gathers ICE candidates — potential paths a peer connection could take — and each candidate includes an IP address.

Host candidates reveal your LAN-side IP. Server-reflexive (srflx) candidates — learned from the STUN server's response — reveal the public IP your connection actually uses. Both are shown above, classified as local or public.

Why this matters for VPN users: if you are connected to a VPN but a public IP shown here is your real ISP IP (not the VPN endpoint), your network location is leaking through WebRTC even while your web browsing appears routed.

Why recent browsers show .local addresses: modern Chrome, Firefox, and Safari obscure LAN-side IPs behind mDNS host names by default — that is the expected and correct behaviour.

No addresses are sent to CheckMySys. The tool only contacts public STUN servers to elicit the server-reflexive candidate; the browser then hands it to this JavaScript where it is classified and shown.

Related tools

Check which local and public IP addresses your browser exposes through WebRTC ICE candidate gathering — useful for verifying VPN privacy.