Difference in IP addresses using ipleak vs other generic what's my IP sites

VPN
1

TL;DR: when connected to PIA, ipleak shows a different public IP in a different city versus literally every other generic “what’s my ip” website. Just curious if anyone else has seen that or knows why that may be?

More details below for those interested in the full story:

So I am pretty new to the home media server game, but I built a media machine around 8 months ago and have been using it with no issues. Details below:

  • Windows 10
  • using Plex, Sonar, Radar, qBittorrent, and Private Internet Access (PIA) for the VPN. All apps installed on the computer. Not using any type of container or docker application
  • In PIA, I had the killswitch and advanced killswitch settings enabled as well as having PIA DNS set as the dns config. No split tunnel enabled.

for the past few months everything has been humming along just fine. I am definitely not a consumer of lots of content, but I’ve downloaded a fair number of movies and TV shows with no problems (roughly 30 movies and maybe 10 shows total). But, this morning I woke up to an email from my ISP about a movie I added through Radar last night. I was a little surprised because I haven’t had any issues before now. I checked my machine and the VPN was active and I didn’t see anything that stood out.

After browsing this sub, specifically the pinned post, I found some additional settings that I tweaked, such as binding qBittorrent to the VPN NIC. I’m hoping that corrects my issue, because before it was set to “any nic” or whatever the actual name of the setting is called.

After making those changes, I used the suggested sites in the pinned post to confirm I wasn’t leaking any Public IP, DNS, or Torrent IP connections. All of the tests in the post, as well as using other generic IP detection and DNS leak sites show the same IP information, with the exception of ipleak.net. Ipleak shows completely different IPs for my machines IP, DNS IPs and Torrent IPs. The IPs ipleak shows is not my actual ISP IP, but also differs from my VPN IP. I’m probably being overly cautious because of the email from last night, but just curious if anyone else has seen a similar discrepancy when using ipleak?

2

Are you connected to a virtual location server? PIA has some and differentiates them with a little globe near server name. You can also check this list but I don’t know if it’s updated: https://www.privateinternetaccess.com/blog/private-internet-access-reveals-physical-locations-of-35-geo-located-regions/

If I had to hazard a guess I’d say perhaps they’re using a method that gets the physical location IP (and city) rather than the virtual one. I’ve heard this is possible but u/iqBuster and u/simplex0991 are the network pros around here and should be able to fact-check this or advance other explanations.

3

Thanks u/daiqo

The most likely explanation: PIA reroutes HTTP/S traffic on their “p2p-optimized” servers elsewhere (ports 80, 443, 8080) while default traffic (including BT) exits directly from the server. A plausible reason for this: have dirty traffic use the tolerating provider, while HTTP traffic is rerouted elsewhere to avoid most blocks and banlists. This is a speculation that’d require thorough testing. PS: They have to do this for netflix already

Own IP and DNS IP will always differ. DNS IP in many cases shows client’s approximate geographic region and reveals the ISP, since all ISPs have their own DNS resolvers and only few internet exchange access points per country, where the DNS server is located. Machine IP is obviously the IP that carried your traffic.

Though despite the above speculation it’s a weird setup. IPLeak uses the tracker for detection and that’s on HTTPS iirc. I can’t say anything conclusive wihout lots of testing.