diff --git a/internal/configuration/openvpn.go b/internal/configuration/openvpn.go
index 55bf64b4..a33b37d8 100644
--- a/internal/configuration/openvpn.go
+++ b/internal/configuration/openvpn.go
@@ -147,6 +147,11 @@ func (settings *OpenVPN) read(r reader, serviceProvider string) (err error) {
 		return fmt.Errorf("environment variable OPENVPN_IPV6: %w", err)
 	}
 
+	settings.EncPreset, err = getPIAEncryptionPreset(r)
+	if err != nil {
+		return err
+	}
+
 	switch serviceProvider {
 	case constants.Cyberghost:
 		err = settings.readCyberghost(r)
diff --git a/internal/provider/privateinternetaccess/openvpnconf.go b/internal/provider/privateinternetaccess/openvpnconf.go
index dd9c0806..5afe02db 100644
--- a/internal/provider/privateinternetaccess/openvpnconf.go
+++ b/internal/provider/privateinternetaccess/openvpnconf.go
@@ -18,16 +18,16 @@ func (p *PIA) BuildConf(connection models.OpenVPNConnection,
 		defaultAuth = constants.SHA1
 		X509CRL = constants.PiaX509CRLNormal
 		certificate = constants.PIACertificateNormal
-	case constants.PIAEncryptionPresetStrong:
-		defaultCipher = constants.AES256cbc
-		defaultAuth = constants.SHA256
-		X509CRL = constants.PiaX509CRLStrong
-		certificate = constants.PIACertificateStrong
-	default: // no encryption preset
+	case constants.PIAEncryptionPresetNone:
 		defaultCipher = "none"
 		defaultAuth = "none"
 		X509CRL = constants.PiaX509CRLNormal
 		certificate = constants.PIACertificateNormal
+	default: // strong
+		defaultCipher = constants.AES256cbc
+		defaultAuth = constants.SHA256
+		X509CRL = constants.PiaX509CRLStrong
+		certificate = constants.PIACertificateStrong
 	}
 
 	if settings.Cipher == "" {