[Freak_NL]

> I use AirVPN because to me it matters the client is open source.

Don't most VPN providers offer OpenVPN as an option? Private Internet Access does. I always assumed that the client offered is to have an easy setup method for users who don't know how to configure a normal VPN client safely.

[subliminalpanda]

It's been a while but the last time I used PIA I noticed that their configurations were woefully insecure (BF-CBC Ciphers, no tls-auth, pre-shared keys instead of certificates). This was maybe a couple of years ago.

Has that changed recently?

[PTRFRLL]

Yes, they recently updated their OpenVPN configuration and now have a 'strong' OpenVPN config option.

>All our servers are now running OpenVPN on UDP port 1197 with our 4096bit RSA server certificate, 4096bit Diffie-Helman key exchange, AES-256-CBC, SHA256 and TLS v1.0-1.2 support.

https://www.privateinternetaccess.com/forum/discussion/20093...