Why do we offer PPTP and L2TP/IPsec+PSK if they aren’t fully secure?
We always recommend using OpenVPN-based solutions above other connection methods. However, we provide the L2TP/IPsec and PPTP protocols and the SOCKS5 proxy for the users that require it for reasons of compatibility or convenience, and do not need the highest possible level of security. This is also why these protocols use an alternate username and password to the account login.
Using OpenVPN-based encryption such as our application or OpenVPN itself prevents the known privacy issues associated with these older methods.
Is using a Pre Shared Key Secure?
No. Using a public pre shared key with L2TP/IPsec is not as secure as using OpenVPN. We only suggest using L2TP/IPsec, PPTP and the SOCKS proxy if you are only trying to mask your IP address and do not need additional security. Our service desk also takes care to alert users to the unencrypted nature of these protocols when they must be used.
We endeavor to tell our users about the proper setup and security properties of whichever method they use to connect to our service. In line with this, we’ve recently re-added our warnings about these alternate connection methods to our user-facing installation instructions.
As stated above, using our application or OpenVPN prevents these known issues.Furthermore, we always remain vigilant to threats that can defeat the privacy of our users. We provide leak-preventing features such as the killswitch and DNS/IPv6 leak prevention wherever possible. Where we cannot do so automatically (as with WebRTC), we also provide information to our customers on disabling such vulnerabilities in their operating system, device or web browsers.