Many people, for work or study, download or use various VPN clients or network addresses online (especially the customized software provided by “airports”). But after downloading or using them, there's always a nagging worry: Is this thing safe? Could it have a virus? Why does an IP lookup still show my real address even after I'm connected?
Today's tutorial will walk you through giving your VPN a thorough “health checkup” from start to finish, and solve the most common Shadowrocket “false leak” problem.
Stage One: The “Mine-Avoidance” Check Before Installing
If what you downloaded is a .exe or .apk installer, don't rush to run it. First screen it against the detection databases of antivirus engines from around the world.
1. Scan with VirusTotal
Go to VirusTotal and upload your installer. It will call on more than 70 of the world's mainstream antivirus engines, such as Kaspersky, Microsoft, and Symantec, to scan it.
2. How to Read the Scan Results?
- All green (0 detections): Install with confidence.
- A sea of red (10+ detections): Delete it immediately! It very likely contains a trojan or a mining program.
- A tiny number of detections (1-2, e.g., DeepInstinct): Most likely a false positive.
- Case analysis: Many VPN clients, because they involve modifying system network settings or use packing techniques to prevent cracking, are easily flagged as malware by some niche antivirus engines based on “AI prediction” (such as DeepInstinct). As long as the major mainstream vendors (Microsoft, Avast, McAfee, etc.) don't report a virus, they can usually be trusted.
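The reading rules above can be applied mechanically to a saved VirusTotal report. This is an added example, not code from the original article: it assumes the report is in the VirusTotal API v3 JSON shape (`data.attributes.last_analysis_results`), and the `MAINSTREAM` engine-name strings, the counting of "suspicious" as a detection, and the "review" verdict for cases the article does not cover are assumptions.

```python
# Added example: triage of a VirusTotal file report using the article's rules.
# MAINSTREAM names and the "review" verdict are assumptions made for this sketch.

MAINSTREAM = {"Microsoft", "Kaspersky", "Symantec", "Avast", "McAfee"}


def flagged_engines(report):
    """Return names of engines whose category is malicious or suspicious."""
    results = report["data"]["attributes"]["last_analysis_results"]
    return sorted(
        name for name, r in results.items()
        if r.get("category") in ("malicious", "suspicious")
    )


def triage(report):
    """Map a report to (verdict, flagged engines) per the article's thresholds."""
    hits = flagged_engines(report)
    mainstream_hits = [e for e in hits if e in MAINSTREAM]
    if not hits:
        verdict = "clean"                    # all green: 0 detections
    elif len(hits) >= 10:
        verdict = "delete"                   # sea of red: 10+ detections
    elif len(hits) <= 2 and not mainstream_hits:
        verdict = "likely-false-positive"    # 1-2 niche engines only
    else:
        verdict = "review"                   # case the article does not cover
    return verdict, hits


def make_report(flagging, total=70):
    """Build a constructed report in the v3 JSON shape for the demo."""
    results = {f"Engine{i}": {"category": "undetected", "result": None}
               for i in range(total - len(flagging))}
    for name in flagging:
        results[name] = {"category": "malicious", "result": "Constructed.Sample"}
    return {"data": {"attributes": {"last_analysis_results": results}}}


if __name__ == "__main__":
    samples = {
        "clean": make_report([]),
        "niche only": make_report(["DeepInstinct"]),
        "mainstream hit": make_report(["Microsoft", "DeepInstinct"]),
        "many": make_report([f"Vendor{i}" for i in range(12)]),
    }
    for label, rep in samples.items():
        print(label, "->", triage(rep))
```

A single detection from a mainstream engine lands in "review" rather than "likely-false-positive", which matches the article's condition that the major vendors must not be the ones reporting.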
Stage Two: The “Privacy Test” After Installing
Software being virus-free doesn't mean it can protect your privacy. With some low-quality VPNs, even though you can open foreign websites after connecting, your real IP and DNS requests are actually still “running naked.”
The Three-Step Detection Method
After connecting to the VPN, visit the following websites in order to run the tests:
- Check the IP address: Visit ipip.net or whatismyip.com. What's displayed must be the proxy server's IP (such as the US or Hong Kong), not the city where you are located.
- Check for DNS leaks: Visit dnsleaktest.com. Click to run the test; the words “China Telecom/Unicom/Mobile” must not appear in the results.
- Check for WebRTC leaks: Visit browserleaks.com/webrtc. Look at the Public IP field; if it shows your local real IP, this layer of protection has failed.
Stage Three: Why Is WebRTC Fine, but the IP Lookup Still Shows My “Real Address”? (Shadowrocket Edition)
This is the problem that troubles iOS users the most:
“I'm clearly connected to Shadowrocket, the DNS and WebRTC tests both come up as foreign, so why, when I go to whatismyip.com to check, does it still show my real home/office IP?”
The Reason Revealed
It's not that the VPN is broken, it's that Shadowrocket is too “smart.” By default, Shadowrocket uses the “Config” mode. In this mode, it makes decisions based on a built-in rule list:
- Visiting Google -> goes through the proxy.
- Visiting Baidu -> direct connection (no proxy).
And IP-lookup sites like whatismyip.com sometimes get misjudged by the rules as “ordinary websites,” or the rule database hasn't been updated, causing Shadowrocket to have you access them via a direct connection. Since it's a direct connection, the other side can of course see your real IP.
The Ultimate Solution: Change the “Global Routing”
Many people can't find where this setting is. Note: it's not in “Settings,” it's on the “Home” page!
Steps:
- Open Shadowrocket and tap the “Home” icon at the far bottom left.
- Below the toggle at the top, find the “Global Routing” option (usually located directly above the node list).
- Tap it and change the mode from “Config” to “Proxy”.
The effect: After switching to “Proxy” mode, all traffic on the phone will be forced to go through the VPN. Now when you refresh the IP-lookup page, it will absolutely become the VPN's IP.
⚠️ Important Note
After you finish testing or get your business done, it's recommended to switch Global Routing back to “Config” mode. Otherwise, when you access domestic apps (WeChat, Douyin, Taobao), they will also take a trip around the globe, causing slower speeds, increased battery drain, and wasted data.
Summary
- File safety: Scan with VirusTotal; as long as it's not flagged collectively by mainstream engines, detections from individual AI engines can usually be ignored.
- Privacy safety: Paying attention to whether DNS and WebRTC are leaking is more important than just looking at the IP.
- Usage tip: When you encounter a “false leak,” go to the Shadowrocket Home page and change “Global Routing” to “Proxy” to fix it instantly.
I hope this guide helps everyone use their network tools more safely and with greater understanding!