How to check to see if a VPN is working correctly?

VPN
1

In the olden days (last week using OpenVPN/NordVPN) I would look at the routing table with ‘ip r’ and see that the default route was pointing at the VPN device ‘tun0’.

Now I’ve switched to Nordlynx (wireguard) and the routing table shows

default via 192.168.0.1 dev wlp3s0 proto dhcp metric 20600 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.108 metric 600

… which kinda tells me that traffic is going without the VPN. However, when I go to https://whatismyipaddress.com/ it shows a location 1000km away - so maybe the VPN is working.

But I’m just not sure.

Can anyone tell me how to be certain?

Bonus marks for a lightweight CLI command that I can run every (say) 2s to verify the VPN.

2

If you’ve got a static IP (or atlest one that changes rarely) you could always script something to compare current IP vs known home IP.

And a quick cli check could be done by curl ifconfig.io

3

However, when I go to https://whatismyipaddress.com

That’s how I check. IMO you should be good. You might look for a dns leak also.

4

https://ipx.ac/

If it shows me anything unexpected (like an IPv6 address or geolocation), the VPN isn’t working.

5

Do a traceroute and check if VPN gateway IP is in there.

6

curl ifconfig.io

Wouldn’t I get banned for spamming them every 2s?

7

Another nice site - thanks!

8

Oh! that’s a nice site. Imma gonna keep that. Thanks!

9

Yeah - that works with Nordvpn/OpenVPN (note the tun0 device in the routing table):

$ ip r
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 20600 
10.8.1.0/24 dev tun0 proto kernel scope link src 10.8.1.4 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.108 metric 600 
$ sudo traceroute -I bbc.co.uk
traceroute to bbc.co.uk (151.101.0.81), 30 hops max, 60 byte packets
 1  10.8.2.1 (10.8.2.1)  26.924 ms  26.990 ms  27.006 ms
 2  103.212.227.185 (103.212.227.185)  27.019 ms  27.253 ms  27.281 ms
 3  100.64.0.17 (100.64.0.17)  27.261 ms  27.285 ms  27.294 ms
 4  et1-1.v2005.dist.sy5.gslnetworks.com (31.217.251.136)  27.913 ms  28.288 ms  28.313 ms
 5  103.137.13.4 (103.137.13.4)  39.465 ms  39.498 ms  40.447 ms
 6  as4826.bne.edgeix.net.au (103.136.103.6)  42.421 ms  41.811 ms  38.685 ms
 7  49.255.90.10 (49.255.90.10)  37.416 ms  37.632 ms  37.654 ms
 8  151.101.0.81 (151.101.0.81)  38.788 ms  38.803 ms  38.811 ms

but not with nordlynx (no nordlynx device in the routing table - although it does appear in ‘ip l’):

$ ip r
default via 192.168.0.1 dev wlp3s0 proto dhcp metric 20600 
192.168.0.0/24 dev wlp3s0 proto kernel scope link src 192.168.0.108 metric 600 
$ sudo traceroute -I bbc.co.uk
traceroute to bbc.co.uk (151.101.0.81), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  151.101.0.81 (151.101.0.81)  41.755 ms  41.770 ms  41.769 ms
10

I’m not sure, couldn’t find a terms of service right now.

11

Oh well. Only way is to try it! Maybe not 2s, perhaps 30s would be OK!!