What is WebRTC?

WebRTC is an API definition that allows voice and video chats as well as P2P file sharing within the browser, without the need for any extensions or plugins. As of early 2015, among the most popular browsers, only Firefox and Chrome support WebRTC. For Internet Explorer and other browsers, various plugins are available that add support for WebRTC.

How does WebRTC expose my IP address?

To allow video chats and peer-to-peer functionality, WebRTC has a mechanism to determine the client's public IP address, even if the client is behind a NAT. With a few JavaScript commands, WebRTC can be used to send a UDP packet to a STUN (Session Traversal Utilities for NAT) server. That server simply sends back a packet containing the IP address from which the request originated. This is simple to implement, as Firefox provides a default STUN server that can also be used with Google Chrome.

On Windows, it is possible to send packets over a route other than the default route. The WebRTC request to the STUN server is simply sent over all reachable interfaces, which is why you will see two public IP addresses (VPN and provider IP) if you are vulnerable to this leak.
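
To check your own browser for the leak described above, the following added example (not part of the original page) parses ICE candidate lines, such as those listed in chrome://webrtc-internals or about:webrtc, and reports every public address that is not the VPN exit address. The sample candidates and addresses are constructed from documentation ranges, and the function names are hypothetical.

```javascript
// Added example: audit ICE candidates for public addresses outside the VPN tunnel.
// Candidate grammar (RFC 8839):
//   candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
function parseCandidate(line) {
  const m = /^(?:a=)?candidate:\S+ \d+ \S+ \d+ (\S+) \d+ typ (\S+)(.*)$/.exec(line.trim());
  if (!m) return null; // not a candidate line
  const raddr = / raddr (\S+)/.exec(m[3]);
  return { address: m[1], type: m[2], relatedAddress: raddr ? raddr[1] : null };
}

// True for addresses that reveal nothing routable. Anything that cannot be
// classified returns false, so the audit reports it rather than hiding it.
function isNonPublic(addr) {
  if (addr.endsWith('.local')) return true; // mDNS-obfuscated host candidate
  if (addr.includes(':')) {                 // IPv6: unspecified, loopback, link-local, ULA
    const a = addr.toLowerCase();
    return a === '::' || a === '::1' || /^fe[89ab][0-9a-f]:/.test(a) || /^f[cd][0-9a-f]{2}:/.test(a);
  }
  const o = addr.split('.').map(Number);
  if (o.length !== 4 || o.some(n => !Number.isInteger(n) || n < 0 || n > 255)) return false;
  return o[0] === 0 || o[0] === 10 || o[0] === 127 ||
         (o[0] === 172 && o[1] >= 16 && o[1] <= 31) ||
         (o[0] === 192 && o[1] === 168) ||
         (o[0] === 169 && o[1] === 254) ||
         (o[0] === 100 && o[1] >= 64 && o[1] <= 127); // carrier-grade NAT
}

// Returns [{ address, type }] for each distinct public address that is not vpnAddress.
function findLeaks(candidateLines, vpnAddress) {
  const leaks = new Map();
  for (const line of candidateLines) {
    const c = parseCandidate(line);
    if (!c) continue;
    for (const addr of [c.address, c.relatedAddress]) {
      if (!addr || addr === vpnAddress || isNonPublic(addr)) continue;
      if (!leaks.has(addr)) leaks.set(addr, c.type);
    }
  }
  return [...leaks].map(([address, type]) => ({ address, type }));
}

// Constructed sample: tunnel interface 10.8.0.6 (VPN exit 198.51.100.7) and a
// LAN interface 192.168.1.23 whose STUN response reveals the provider IP.
const SAMPLE = [
  'candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host',
  'candidate:2 1 udp 2122194687 10.8.0.6 54322 typ host',
  'candidate:3 1 udp 1686052607 198.51.100.7 54322 typ srflx raddr 10.8.0.6 rport 54322',
  'candidate:4 1 udp 1686052351 203.0.113.25 54321 typ srflx raddr 192.168.1.23 rport 54321',
];
console.log(findLeaks(SAMPLE, '198.51.100.7'));
```

An empty result means every server-reflexive candidate was obtained through the tunnel; any entry is an address that a remote site could learn through WebRTC.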

How can I protect against this IP leak?

Because the requests to the STUN server are made outside of the normal XMLHttpRequest mechanism, they are not visible in the developer console, and they cannot be blocked reliably with browser plugins like WebRTC block.

The best way to protect against this leak is to use firewall rules to enforce that traffic can only be sent over the encrypted VPN tunnel.

With the Perfect Privacy VPN Manager, such rules are set by default once a VPN tunnel is established, so that your provider-assigned IP cannot be leaked by WebRTC or similar mechanisms.