Why do we offer PPTP and L2TP/IPsec+PSK if they aren’t fully secure?
We always recommend using OpenVPN-based solutions above other connection methods. However, we provide the L2TP/IPsec and PPTP protocols and the SOCKS5 proxy for users who require them for reasons of compatibility or convenience and do not need the highest possible level of security. This is also why these protocols use a username and password separate from the account login.
Using OpenVPN-based encryption, such as our application or OpenVPN itself, prevents the known privacy issues associated with these older methods.
Is using a pre-shared key secure?
No. Using a public pre-shared key with L2TP/IPsec is not as secure as using OpenVPN. We only suggest using L2TP/IPsec, PPTP and the SOCKS proxy if you are only trying to mask your IP address and do not need additional security. Our service desk also takes care to alert users to the unencrypted nature of these protocols when they must be used.
We endeavor to tell our users about the proper setup and security properties of whichever method they use to connect to our service. In line with this, we’ve recently re-added our warnings about these alternate connection methods to our user-facing installation instructions.
As stated above, using our application or OpenVPN prevents these known issues.
Furthermore, we always remain vigilant to threats that can defeat the privacy of our users. We provide leak-preventing features such as the killswitch and DNS/IPv6 leak prevention wherever possible. Where we cannot do so automatically (as with WebRTC), we also provide information to our customers on disabling such vulnerabilities in their operating system, device or web browsers.
Comments
At the moment you can use PIA for web browsing very easily using our Chrome extension, which didn't exist back when this guide was posted, but I think native OpenVPN support has also been added recently, so we may end up writing a new guide with OpenVPN in the future.
I don't think it needs the command line anymore, however; I've heard from a customer or two that they had it running on a completely stock Chromebook.
https://chromium.googlesource.com/experimental/cros-pia/