On this website you can test whether your provider assigned IP address can be leaked via WebRTC APIs . As Daniel Roesler showed in January 2015, browsers with WebRTC implementation allow requests to STUN servers which will return the provider assigned IP address for the user even if he is connected via VPN. For more details on this, read on and also see Daniel's GitHub page.
On the top left you should see your LAN IP addresses. This is not as critical as the public IP address(es) displayed next to it. If you are using a VPN connection and it is displaying two public IP addresses, your provider assigned IP address is exposed.
With the Perfect Privacy VPN Manager in its default settings (firewall protection enabled) this will be prevented and you should only see the Perfect Privacy server as your public IP address.
WebRTC is an API definition that allows voice and video chats as well as P2P file sharing within the browser, without the need of any extensions or plugins. As of early 2015, among the most popular browsers, only Firefox and Chrome support WebRTC. Internet Explorer and For other browsers there are various plugins available that add support for WebRTC.
To allow video chats and Peer-to-peer functionality, WebRTC has a mechanism to determine the public IP address, even if it is behind a NAT. With a few JavaScript commands, WebRTC can be used to send a UDP packet to a STUN Server (Session Traversal Utilities for NAT). That server simply sends back a packet containing the IP address from which the request originated. This is simple to implement as Firefox provides a default STUN server that can also be used with Google Chrome.
In Windows it is possible to send packets over a route different from the default route. The WebRTC request to the STUN server simply sends requests over all reachable interfaces which is why you will see two public IP addresses (VPN and provider IP) if you are vulnerable to this leak.
Because the requests to the STUN server are made outside of the normal XMLHttpRequest they are not visible in the developer console; they cannot be blocked reliably with browser plugins like WebRTC block.
The best way to protect against this leak is using firewall rules to enforce that traffic can only be sent over the encrypted VPN tunnel.
With the Perfect Privacy VPN Manager such rules are set by default once a VPN tunnel is established so that your provider assigned IP cannot be leaked by WebRTC or similar mechanisms.