Which encryption/auth settings should I use for ports on your gateways?

These are the protocol, encryption cipher, auth hash and CA settings that should be used for ports on our gateways in a stock OpenVPN setup. The settings here do not apply for any of the PIA apps.

We recommend using ports 1198, 1197, 502 and 501 with AES encryption. We also generally recommend using our OpenVPN configuration files if possible.

To download the root CA certificate, right-click on the name and select "Save link as".



Auth HashRoot CA
53 UDP BF-CBC SHA1 ca.crt
80 TCP BF-CBC SHA1 ca.crt
110 TCP BF-CBC SHA1 ca.crt
443 TCP BF-CBC SHA1 ca.crt
501 TCP AES-256-CBC SHA256 ca.rsa.4096.crt
502 TCP AES-128-CBC SHA1 ca.rsa.2048.crt
1194 UDP BF-CBC SHA1 ca.crt
1197 UDP AES-256-CBC SHA256 ca.rsa.4096.crt
1198 UDP AES-128-CBC SHA1 ca.rsa.2048.crt
8080 UDP BF-CBC SHA1 ca.crt
9201 UDP BF-CBC SHA1 ca.crt


If you encounter warnings while connecting to our gateways, please see this article which explains what may be going on.

Have more questions? Submit a request