Why do we offer PPTP and L2TP/IPsec+PSK if they aren’t fully secure?

We always recommend using OpenVPN-based solutions above other connection methods. However, we provide the L2TP/IPsec and PPTP protocols and the SOCKS5 proxy for the users that require it for reasons of compatibility or convenience, and do not need the highest possible level of security. This is also why these protocols use an alternate username and password to the account login.

Using OpenVPN-based encryption such as our application or OpenVPN itself prevents the known privacy issues associated with these older methods.

Is using a Pre Shared Key Secure?

No. Using a public pre shared key with L2TP/IPsec is not as secure as using OpenVPN. We only suggest using L2TP/IPsec, PPTP and the SOCKS proxy if you are only trying to mask your IP address and do not need additional security. Our service desk also takes care to alert users to the unencrypted nature of these protocols when they must be used.

We endeavor to tell our users about the proper setup and security properties of whichever method they use to connect to our service. In line with this, we’ve recently re-added our warnings about these alternate connection methods to our user-facing installation instructions.

As stated above, using our application or OpenVPN prevents these known issues.

Furthermore, we always remain vigilant to threats that can defeat the privacy of our users. We provide leak-preventing features such as the killswitch and DNS/IPv6 leak prevention wherever possible. Where we cannot do so automatically (as with WebRTC), we also provide information to our customers on disabling such vulnerabilities in their operating system, device or web browsers.

Comments

  • i'm a pia user i've noticed that other vpn providers offer the WebRTC feature on there app.Will pia offer this in future updates?
  • So does this mean that there is no secure way to connect to the PIA VPN service on a Chromebook?
  • Posts: 342
    i'm a pia user i've noticed that other vpn providers offer the WebRTC feature on there app.Will pia offer this in future updates?
    It's easy enough for the end-user to disable WebRTC on their own devices/software, and/or use software that doesn't have the vulnerabilities.  Even Chrome has plugins these days that disable WebRTC. 
  • Posts: 342
    So does this mean that there is no secure way to connect to the PIA VPN service on a Chromebook?
    Only First generation chromebooks are incapable of running OpenVPN services.  Modern ones can.  It just takes a little bit of unix command line knowledge.
Sign In or Register to comment.