IP leaking on split tunnel
Split Tunnel causes real IP leak — reproducible and unresolved
I've discovered a significant privacy bug in ProtonVPN that I want to flag to the community.
The issue: When split tunneling is enabled, my real IP address is exposed — even to apps and traffic that are supposed to remain inside the VPN tunnel. I confirmed this using ipleak.net on my browser, which should be fully tunneled.
Reproduction steps:
- Enable split tunnel with only specific apps excluded (in my case, CCTV and satnav apps)
- Visit ipleak.net in your browser — real IP is visible
- Disable split tunnel
- Visit ipleak.net again — VPN IP shows correctly
The toggle is the direct cause. This isn't a WebRTC issue — it's the split tunnel feature breaking routing integrity for all traffic when enabled.
Why this matters: Most users would never think to test this. They'd enable split tunnel assuming their tunneled traffic is protected, and silently leak their real IP the entire time. For a VPN whose core promise is IP protection, this is a serious flaw.
Status: I've reported this to Proton support but have received no confirmation of a fix or timeline.
Has anyone else reproduced this? And is there any acknowledgement from the Proton team that this is being worked on? Given how reproducible it is, this should be treated as a critical bug.