Linux VPN checks
How to check if your VPN is working from the Linux command line
A VPN app may say connected, but the useful question is whether your traffic, DNS requests and routes are actually going where you expect. These Linux commands help you check that quickly.
curl, check DNS with dig, inspect routes with ip route, then compare the result before and after connecting to your VPN.1. Check your public IP address
Run this before and after connecting to your VPN. The IP address should change when the VPN is active.
curl -4 https://ifconfig.meFor IPv6, test separately. This matters because some VPNs tunnel IPv4 but leave IPv6 exposed.
curl -6 https://ifconfig.me2. Check DNS behaviour
DNS is where many VPN setups get messy. A DNS leak can happen when your browser or system uses your normal resolver instead of the VPN resolver.
dig +short myip.opendns.com @resolver1.opendns.comYou can also check the DNS records for a normal domain while connected. For web based DNS lookups and propagation checks, use DNSNow.
3. Inspect system resolvers
On many modern Linux systems, resolvectl shows which DNS servers are active for each interface.
resolvectl statusIf you are using NetworkManager, also check active connections:
nmcli connection show --active4. Check routing
The route table helps show whether default traffic is going through the VPN tunnel.
ip route
ip addrLook for VPN interfaces such as tun0, wg0 or provider-specific interfaces. If these commands are new, practise Linux troubleshooting basics on CommandLineQuiz.
5. Use a simple VPN check script
This small Bash script prints useful information without making changes.
#!/usr/bin/env bash
set -euo pipefail
echo "Public IPv4:"
curl -4 -s https://ifconfig.me || echo "IPv4 check failed"
echo
echo "Public IPv6:"
curl -6 -s https://ifconfig.me || echo "IPv6 check failed or unavailable"
echo
echo "OpenDNS resolver IP check:"
dig +short myip.opendns.com @resolver1.opendns.com || echo "dig check failed"
echo
echo "Default route:"
ip route | sed -n '1,5p'
echo
echo "Active DNS resolvers:"
resolvectl status 2>/dev/null | sed -n '1,80p' || echo "resolvectl not available"To learn more about Bash scripting, see the Bash Scripting Hub. If you want to practise DNS command syntax, the dig command builder is a useful companion.
6. Compare before and after results
| Check | Before VPN | After VPN | What you want |
|---|---|---|---|
| Public IPv4 | Your ISP IP | VPN IP | Different address |
| Public IPv6 | Your ISP IPv6 or none | VPN IPv6 or blocked | No exposed ISP IPv6 |
| DNS resolver | ISP or configured resolver | VPN resolver or privacy DNS | No unexpected ISP resolver |
| Default route | Normal gateway | VPN tunnel route | Traffic routed through VPN |
Common mistakes
- Only checking the browser and ignoring terminal traffic.
- Forgetting IPv6 checks.
- Leaving split tunnelling enabled for the app you are testing.
- Assuming streaming location and DNS location always match.
- Using one test result instead of comparing before and after.
Next steps
Run the VPN working checklist, then use the VPN troubleshooting wizard if the result does not look right. For deeper networking and privacy learning, browse IT-Books.