Whenever you are doing network communication you need a pair of addresses:
- the destination address to which your data should be delivered
- the source address from which you are sending the data (so that any response can be delivered back to you)
Network communication cannot work if you don't have those addresses and they must be visible to all along the network path so that the data can be routed to its destination.
When tunneling is used (regardless of the type) this increases to two pairs of addresses:
- the tunnel endpoint addresses (e.g.: vpn client to vpn server or tunnel gateway 1 to tunnel gateway 2)
- the actual source and destination addresses of the tunneled communication
The tunnel endpoint addresses are sometimes referred to as the outer or envelope addresses of tunneled network communication and they must be visible to all so that the tunnel can function properly. Since this is required functionality I don't consider this leaking an IP address but for somebody concerned about anonymity of their communication it is important to understand that this is taking place.
The actual source and destination addresses of the tunneled communication may be hidden through encryption however there are caveats:
- In many cases the tunnel endpoint address on the vpn client side is the same as the source address of the tunneled communication (the vpn client runs on the same computer that initiates the tunneled communication). Even when tunnel gateways are used the tunnel endpoint address may narrow down the possible sender to a small network (a particular residence or business). This means that even with an encrypted tunnel it is possible to identify at least the source network and possibly the specific computer.
- In some cases the actual source address may be included in the data of the communication (not just in the packet headers). While the actual packet arriving at the destination will have the source address rewritten to point to the tunnel endpoint (so that response data also goes through the same tunnel) the data inside the packet for some network protocols may still reveal the actual source address of the sender (e.g.: an attempt to perform active mode FTP). That would be IP address leaking but it may or may not be useful information (if it is a private network address behind a NAT gateway it is harmless from a privacy standpoint). This type of IP address leakage is independent from the tunnel type that is used.
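The active mode FTP case mentioned above can be checked on your own traffic. The following is an added example, not part of the original post: it parses the address a client announces in a PORT (RFC 959) or EPRT (RFC 2428) command and compares it with the source address seen in the packet header. The function names, result labels and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 959:  PORT h1,h2,h3,h4,p1,p2      RFC 2428:  EPRT |proto|addr|port|
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", re.I)
EPRT_RE = re.compile(r"^EPRT\s+(.)([12])\1(.+?)\1(\d+)\1$", re.I)

# RFC 1918 ranges plus IPv6 unique-local: not routable, so not identifying.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def embedded_address(line):
    """Return (ip, port) announced by a PORT/EPRT command, or None."""
    line = line.strip()
    try:
        m = PORT_RE.match(line)
        if m:
            n = [int(g) for g in m.groups()]
            if max(n) > 255:
                return None
            return ipaddress.ip_address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]
        m = EPRT_RE.match(line)
        if m:
            return ipaddress.ip_address(m.group(3)), int(m.group(4))
    except ValueError:  # malformed address text
        return None
    return None


def classify(header_src, line):
    """Compare the payload address with the source address in the packet header."""
    found = embedded_address(line)
    if found is None:
        return "no-address"
    ip = found[0]
    if ip == ipaddress.ip_address(header_src):
        return "matches-header"
    if any(ip in net for net in PRIVATE_NETS):
        return "leak-private"
    return "leak-public"


if __name__ == "__main__":
    # Constructed control-channel lines; 203.0.113.10 plays the tunnel endpoint.
    for cmd in ("USER anonymous", "PORT 203,0,113,10,19,137",
                "PORT 192,168,1,23,195,80", "PORT 198,51,100,7,4,1",
                "EPRT |2|2001:db8::5|50001|"):
        print("%-32s %s" % (cmd, classify("203.0.113.10", cmd)))
```

This only works on unencrypted FTP control traffic; with FTPS the command text is not visible to an on-path observer.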