Troubleshooting

Fix a WebRTC leak

What WebRTC is, why it can leak your real IP, and how to stop it browser by browser.

What WebRTC is

WebRTC (Web Real-Time Communication) is a set of browser APIs that lets web pages do peer-to-peer voice, video, and data without an extension. It powers Google Meet, Discord voice channels, the in-browser bits of Zoom, Jitsi, Whereby, and most "click to talk" web apps.

To set up a peer connection, the browser needs to know your public IP — that's how the other side reaches you. WebRTC discovers it by asking a STUN server. Once it knows the address, the browser can offer it to any page that asks via the WebRTC API.

What a WebRTC leak is

A WebRTC leak is when a page silently triggers that STUN lookup and the browser hands back your real public IP instead of the VPN's. With a couple of lines of JavaScript any site can do this in the background — no prompt, no user action — and learn your real address even while you're behind a VPN.

This is a browser-level leak, not a VPN-level leak. Traffic is still routed through the tunnel for normal HTTP, but WebRTC's STUN request operates above the tunnel: the browser already knows the answer locally and just tells the page.

How to test

Run the in-browser tester while the VPN is connected:

fexyn.com/tools/webrtc-leak-test

The page asks the browser for any IPs it would surface to a WebRTC peer and shows them. Two things to look for:

Public IPs. Should match the Fexyn server's IP, not your home/ work IP. Compare against what-is-my-ip.
Local IPs. Things like 192.168.x.x or 10.x.x.x. These are addresses on your home network. They're a minor privacy concern (they hint at your network topology) but they don't identify you on the internet.

Per-browser mitigation

Firefox

Open a new tab and go to about:config. Accept the warning.
Search for media.peerconnection.enabled.
Toggle it to false.

That fully disables WebRTC. Voice/video calls in browser-based apps will stop working until you flip it back.

Brave

Open brave://settings → Privacy and security → WebRTC IP Handling Policy.
Choose Disable non-proxied UDP.

This is the strongest setting that doesn't fully break WebRTC. Calls still work; only the IP discovery step is restricted to the proxy.

Chrome and Microsoft Edge

Neither has a built-in WebRTC toggle. Install one of the established privacy extensions (uBlock Origin's "Prevent WebRTC from leaking local IP addresses" option, or a dedicated extension like "WebRTC Network Limiter" published by Google). Pick from the official Chrome Web Store / Edge Add-ons store; avoid random one-star extensions claiming to "fix WebRTC".

As an alternative, switch the workflow to Brave or Firefox where the toggle is built in.

VPN-tunnel leaks vs browser WebRTC exposure

These are different problems with different fixes:

VPN tunnel leaks are when traffic at the network level leaves outside the tunnel. Fexyn's WFP-based kill switch and DNS rules are designed to prevent this. Reconnect, switch protocol, or run the DNS leak fixes if those checks fail.
Browser WebRTC exposure is the browser API handing your real IP to a page. The VPN tunnel is intact; the browser just knows your real address and shares it on request. The fix lives in the browser, not the VPN.

If both are leaking, fix the tunnel first — the VPN-side fix is faster and rules out the harder browser configuration as the cause.

Re-test

After applying the browser change, restart the browser and rerun the test. The public IP shown should now match the Fexyn server, and the local IP either should be empty or show only the address of the VPN tunnel adapter.

What this means for your privacy

Fexyn does not log browsing history, DNS queries, or traffic content (see the no-logs policy). A WebRTC leak doesn't change anything we collect on our side — the leak goes from your browser straight to whoever's page you're on. They get your real IP, we don't.

When to contact support

WebRTC leak fixes are browser-side, so support can't change behavior on your machine remotely. We can help you confirm the test result and pick the right browser setting if you're stuck. Email support@fexyn.com with the browser name and version and the test result page URL.