diff --git a/internal/configuration/privateinternetaccess.go b/internal/configuration/privateinternetaccess.go
index e3a15388..d9c9df77 100644
--- a/internal/configuration/privateinternetaccess.go
+++ b/internal/configuration/privateinternetaccess.go
@@ -50,7 +50,7 @@ func (settings *Provider) readPrivateInternetAccess(r reader) (err error) {
 }
 encryptionPreset, err := r.env.Inside("PIA_ENCRYPTION",
- []string{constants.PIAEncryptionPresetNormal, constants.PIAEncryptionPresetStrong},
+ []string{constants.PIAEncryptionPresetNone, constants.PIAEncryptionPresetNormal, constants.PIAEncryptionPresetStrong},
 params.RetroKeys([]string{"ENCRYPTION"}, r.onRetroActive),
 params.Default(constants.PIACertificateStrong),
 )
diff --git a/internal/constants/pia.go b/internal/constants/pia.go
index 75105c73..bc25fa2b 100644
--- a/internal/constants/pia.go
+++ b/internal/constants/pia.go
@@ -8,6 +8,7 @@ import (
 //nolint:lll
 const (
+ PIAEncryptionPresetNone = "none"
 PIAEncryptionPresetNormal = "normal"
 PIAEncryptionPresetStrong = "strong"
 PiaX509CRLNormal = "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"
diff --git a/internal/provider/privateinternetaccess/openvpnconf.go b/internal/provider/privateinternetaccess/openvpnconf.go
index 6ddc58d2..f1b2e220 100644
--- a/internal/provider/privateinternetaccess/openvpnconf.go
+++ b/internal/provider/privateinternetaccess/openvpnconf.go
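Review bot: The accepted `PIA_ENCRYPTION` values in `readPrivateInternetAccess` gain `none`, but the default on the unchanged context line is still `params.Default(constants.PIACertificateStrong)`, a certificate constant rather than a preset name. If that default reaches `BuildConf` without being checked against the list (not visible here), it matches neither `normal` nor `strong`. After this commit it would then land in the new catch-all branch, which sets no cipher or auth default, where it used to land in the strong branch. I would change it to `params.Default(constants.PIAEncryptionPresetStrong)` in the same commit. The function body starts and ends outside the hunk.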
@@ -13,16 +13,22 @@ import (
 func (p *PIA) BuildConf(connection models.OpenVPNConnection,
 username string, settings configuration.OpenVPN) (lines []string) {
 var defaultCipher, defaultAuth, X509CRL, certificate string
- if settings.Provider.ExtraConfigOptions.EncryptionPreset == constants.PIAEncryptionPresetNormal {
+ switch settings.Provider.ExtraConfigOptions.EncryptionPreset {
+ case constants.PIAEncryptionPresetNormal:
 defaultCipher = constants.AES128cbc
 defaultAuth = constants.SHA1
 X509CRL = constants.PiaX509CRLNormal
 certificate = constants.PIACertificateNormal
- } else { // strong encryption
+ case constants.PIAEncryptionPresetStrong:
 defaultCipher = constants.AES256cbc
 defaultAuth = constants.SHA256
 X509CRL = constants.PiaX509CRLStrong
 certificate = constants.PIACertificateStrong
+ default: // no encryption preset
+ defaultCipher = ""
+ defaultAuth = ""
+ X509CRL = constants.PiaX509CRLNormal
+ certificate = constants.PIACertificateNormal
 }
 if settings.Cipher == "" {
@@ -57,10 +63,15 @@ func (p *PIA) BuildConf(connection models.OpenVPNConnection,
 "auth-user-pass " + constants.OpenVPNAuthConf,
 connection.ProtoLine(),
 connection.RemoteLine(),
- "auth " + settings.Auth,
 }
- lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ if settings.Cipher != "" {
+ lines = append(lines, utils.CipherLines(settings.Cipher, settings.Version)...)
+ }
+ if settings.Auth != "" {
+ lines = append(lines, "auth "+settings.Auth)
+ }
 if strings.HasSuffix(settings.Cipher, "-gcm") {
 lines = append(lines, "ncp-disable")
diff --git a/internal/provider/privateinternetaccess/port.go b/internal/provider/privateinternetaccess/port.go
index cfdf2979..2544c623 100644
--- a/internal/provider/privateinternetaccess/port.go
+++ b/internal/provider/privateinternetaccess/port.go
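Review bot: The `default:` arm of the new switch in `BuildConf` treats every value other than `normal` and `strong` as the no-preset case, so an empty or unexpected `EncryptionPreset` now silently loses the cipher and auth defaults, where the old `else` sent it to the strong settings. Match the new value explicitly with `case constants.PIAEncryptionPresetNone:` and keep the strong assignments under `default: // strong encryption`, so the fallback stays the most restrictive one. The two `= ""` assignments are no-ops on freshly declared strings and could be replaced by a comment such as `// none: leave cipher and auth unset`. The body of BuildConf continues past this hunk.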
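Review bot: Nothing in the second `BuildConf` hunk says what the generated configuration means once the `cipher` and `auth` lines are skipped: the data-channel cipher and HMAC digest are then whatever OpenVPN defaults to or negotiates with the server. A comment above the two guards would make that explicit, for example `// preset "none": emit no cipher/auth directive; OpenVPN's defaults and negotiation apply`. The `auth` line also moves from the initial slice to after the cipher lines, which is worth a word in the commit message in case anything compares the output line by line. The function starts before and ends after this hunk.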
@@ -23,14 +23,14 @@ func getPort(tcp bool, encryptionPreset string, customPort uint16) (
 func getDefaultPort(tcp bool, encryptionPreset string) (port uint16) {
 if tcp {
 switch encryptionPreset {
- case constants.PIAEncryptionPresetNormal:
+ case constants.PIAEncryptionPresetNone, constants.PIAEncryptionPresetNormal:
 port = 502
 case constants.PIAEncryptionPresetStrong:
 port = 501
 }
 } else {
 switch encryptionPreset {
- case constants.PIAEncryptionPresetNormal:
+ case constants.PIAEncryptionPresetNone, constants.PIAEncryptionPresetNormal:
 port = 1198
 case constants.PIAEncryptionPresetStrong:
 port = 1197
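Review bot: `getDefaultPort` maps `none` to the same ports as `normal` (502 and 1198) without saying why, and neither switch has a `default:` arm, so a preset outside the three constants leaves `port` at 0. A comment on the two changed `case` lines, such as `// none reuses the normal-preset ports`, would record the intent, which should be confirmed against the provider's port list. A `default:` arm in each switch, or a check in the caller, would keep a zero port out of the remote line. The closing lines of the function are outside the hunk.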