All Private Internet Access settings explained
Private Internet Access is a popular VPN provider. The company has a strict no-logging policy which have been verified in court this year.
Customers may download one of the available clients for their operating system. The Windows client ships with a list of features that you may enable to improve your privacy and security while being connected to one of the company servers.
The following guide lists and explains all settings that the Windows client version of Private Internet Access provides currently.
We have used the latest version of the client, version 0.65, for that. We will update the guide when features change. If you notice that before us, let us know in the comments so that we can update the article.
Private Internet Access VPN Settings
You can open the settings by right-clicking on the Private Internet Access icon in the Windows system tray area.
Please note that you can only access the settings if you are not connected to the VPN at that time. If you are, you need to disconnect first before you can do so.
The client uses three configuration pages of which one, simple, is not of much use.
Advanced Settings
The advanced settings page, which you see on the screenshot above, lists several options that you want to check out and configure.
- Username: your PIA username
- Password: the associated password of the account.
- Start application at login: whether the VPN software is started on Windows boot.
- Auto-connect on launch: whether the software connects to the VPN server when it is started.
- Show desktop notifications: whether notifications are shown on the desktop (e.g. on connection or disconnect).
- Region: The region you want to connect to. Tip: You can run speed tests for any server region to find out how well it performs.
- Connection type: Select UDP or TCP as the connection type. Default is UDP.
- Remote port: Set to auto by default, but you may specify a port there.
- Local port: Set a local port.
- Request port forwarding: The port that is being used is shown when you hover over the PIA icon in the system tray area. This can be useful to set it up in applications.
- PIA MACE: This is a new feature of Private Internet Access. It acts as a blocker for advertisement, malware, trackers and other undesirable elements. You have no control currently apart from enabling or disabling the blocker.
- VPN Kill Switch: This terminates the Internet connection if the connection to the VPN drops. Useful if you don't want your "real" IP address to be logged by services you connect to while using a VPN.
- IPv6 leak protection: This disables the use of IPv6 while connected to the VPN.
- Use small packets: If you notice connection issues, e.g. connections that drop frequently, you may want to enable this option to see if it resolves that issue.
- Debug mode: You may be asked to enable debug mode by PIA support. The log is written to C:\Program Files\pia_manager\log.
While it is up to you and your requirements what to enable on the settings page, it is usually a good idea to enable all features but PIA MACE and Debug mode.
Encryption
A click on encryption displays options to set various encryption related parameters.
- Data Encryption: Select one of the available encryption standards. Available are AES-128, AES-256 and None.
- Data Authentication: Select one of the available cryptographic hash functions. Available are SHA-1, Sha-256 and None.
- Handshake: Encryption used to establish a secure connection with Private Internet Access servers. Pia uses TLS 1.2. The default is RSA-2048.
The selection depends largely on your requirements. Want maximum protection? Select AES-256, SHA-256 and RSA-4096. Want all speed and no safety at all? Pick None, None and ECC-256k1.
The default recommendation is AES-128, SHA-1 and RSA-2048.
The client displays warning if you choose none for data encryption or data authentication, or when you chose ECC for Handshake.
Now Read: Private Internet Access rubyw.exe connections explained
I use PIA also and thought that I was happy and secure with it. I checked the DNS leak check and it said I was good, however, I just found out that if I mistype a url, my ISP’s search page comes up with suggestions for site similar to the the mistyped URL. That is very disconcerting! I don’t understand how they are aware of my url requests if there is not a DNS leak.
Are you using your providers DNS? If you are, then that is how.
Should we use another DNS server – is there one from PIA to ensure this does not happen?
According to this support page (https://www.privateinternetaccess.com/pages/client-support/), PIA uses its own DNS servers when you are connected to the VPN.
I suggest you run the test on IP Leak to find out whether your IP or DNS leaks when you are connected to the VPN.
https://ipleak.net/
>> Connection type: Select UPD or TCP as the connection type. Default is UDP.
Haha, you’ve got occasional acronym dyslexia Martin. Welcome to the club :)
It appears that PIA has not solved issues w use of their product on non-admin accounts in Windows, is this correct? This seems like a flaw given that good practice would exclude use of the admin account for much internet search and surf activity.
Thanks Martin for this brief overview. I use PIA and I’ve been very happy with their service. Even with all the features enabled, I only experience a minor slowdown, typically less than 10% of normal bandwidth. Frequent DNS and IP leak testing always shows it’s working perfectly. It’s just a nuisance that I can’t leave it on all the time if I want to use Netflix or Craigslist. In order to use those sites, I must disconnect. Otherwise, very pleased with PIA.
I’m wondering how to use their port forwarding feature. So far I’ve had no luck setting it up or finding further information about how that works. Could someone direct me to some further reading on proper configuration and use of port forwarding through a VPN (specifically PIA if possible)?
Cheers!
Martin: why do you recommend NOT enabling the PIA-MACE feature?
Because you have no control over the feature unless I’m mistaken.
Why I don’t use a VPN?
first: I don’t have sensitive information, nor personal. social accounts have no identifying info besides my first and last name, not even a photo.
second: VPN’s encrypt the information from your computer to the VPN server only. example: data packet 123456 tries to leave the computer, the VPN makes it 561342, but when it reaches the VPN server, the packet needs to be decryped again to 123456. just monitor what comes out from the VPN server and you know what users are sending/receiving, despite you can’t know to what person the information belongs to. if you are something like NSA, they just want information, they don’t care who are you LOL
third: they can leave your internet really really slow… I’ve used VPN’s like Hotspot Shield, that made my internet impossible to gaming…
Fourth: most of the browsers based on the chromium project use Device ID’s, which are unique identifiers of your audio/video card, microphone, cd player… websites may request this information – like movies sites – where chromium based browsers may than change the identifier into a hash, and than sites may use it as fingerprint – whithout you knowing – and this hashes may not be changed for months.
bonus: if you have webRTC activated on your browser (it comes activated by default), it is leaking your Real IP address, rather you use VPN or not, so besides the company bugging the VPN server knowing what are you doing, using a webRTC leak test they also know who you are and where you live. You can’t deactivate webRTC on chromium (chrome, Opera, Vivaldi (despite this one shows the option, you can’t turn it off) and all chromium based browsers)but there are extensions that grab the information sent by webrtc and block it from being sent… actually the only one I know that allows to activated and deactivate is Firefox and you need to go deep to the about:config screen.
so, why use a VPN? I mean, I have one installed, but it’s a free VPN just to access blocked sites my government blocked, like torrentfreak or ThePirateBay. it’s the only thing a VPN is useful: accessing blocked sites. VPN’s cover a hole, but there are 100 more uncovered. if you think you are protected using a VPN, think twice… you blocked the most obvious hole, just that.
For the cheapskate there’s VpnGate + Openvpn client (Windows, Android, Linux, etc) ;)
Martin, do you use a VPN on your Android phone? If so, do you use it all the time or just when connecting to “unknown” Wi-Fi networks? Which one do you use?
I’m asking because recently I did some research to find a suitable VPN service for my phone in that particular use case (connecting to a public Wi-Fi spot). My requirements were relatively simple:
– It had to be free (obviously with some monthly traffic limits)
– It didn’t have to show me any ads
– It had to offer the option of selecting which apps on my phone would and wouldn’t be routed through the VPN when the VPN service was active. For example, I don’t care if a malicious hacker intercepts my traffic when I stream a YouTube video, but I do want my email and banking app to be fully protected by the VPN. And a video stream would use a lot of the monthly allowed traffic of the free service.
– ideally, the Android VPN app would had to be smart enough to auto-engage when I connect to a public, insecure Wi-Fi network.
The best that I could find was FinchVPN, which offers a limited set of free servers and a generous 3 GB / month limit for free accounts. And it allows you to select which apps are routed through the VPN.
Do you, or any reader, know of a better VPN app for Android?
A little late but hey, If you use android get orbot and enable transparent proxying for specific apps, to go through th TOR network, thereby being very anonymous and private/secure. This may require a rooted device I’m not sure, but you’d be helping the anonymous community out just by being on it. Using banking apps and regular browsing is great for this, just don’t torrent anything on the tor network or your ip will be leaked (a big no no).
PIA has a Android VPN app. Cool thing about PIA is that you have up to 5 devices sharing your VPN account. I have been a loyal user for 4 years now… haven’t had issue at all!
Yes, but that doesn’t solve the problem I outlined.
PIA does seem like a good VPN though. The tinfoil hat wearer in me just hopes it’s not an elaborate ruse by the NSA to get easier access to everyone’s data. I always worry when a security solution gets so popular that everyone treats it like the default option.
@city_zen: Really, avoid free VPNs. A lot of them are probably doing sketchy things with your data to pay their bills.
But I have a follow-up to your question, in case anyone has an answer: Is there any way we can use a VPN and firewall at the same time on an Android device WITHOUT ROOTING? It seems the answer is “no”, because all the no-root firewall apps apparently work by pretending to be VPNs and using the device’s VPN infrastructure. But I’d love to know of a workaround. There are so many apps trying to secretly get internet access these days… I don’t like the idea of turning the firewall off even temporarily.
I hardly use my phone when I’m not in an environment that I have control over. I don’t use WiFi outside.
The only exception is when I’m traveling. Then, I’m using a VPN all the time when connected to the hotel WiFi, but will usually buy a SIM card for activity outside (which is limited to things I require such as looking up information on a map, translation..).
May I surf on this article to ask a VPN related question?
I don’t understand how VPNs manage DNS requests. Do they have their own DNS servers, do I/can I/should I keep my own DNS servers? For instance, I use DNSCrypt with a choice of several encrypted DNS servers. From there on how does this manage with a VPN?
Thanks :)
Update? the app is very different since it is now 2022!!!
Tom that depends entirely on how the VPN is configured. You can test VPN connections for leaks on services like this one: https://www.dnsleaktest.com/
Good info on the topic is available here: http://security.stackexchange.com/questions/13900/if-i-use-a-vpn-who-will-resolve-my-dns-requests
I had an use the DNSLeakTest but I make mine your link to StackExchange’s dedicated question/answer.
Thanks!