diff --git a/internal/configuration/settings/openvpnselection.go b/internal/configuration/settings/openvpnselection.go
index 4c3700a6..a161821e 100644
--- a/internal/configuration/settings/openvpnselection.go
+++ b/internal/configuration/settings/openvpnselection.go
@@ -100,8 +100,8 @@ func (o OpenVPNSelection) validate(vpnProvider string) (err error) {
 				allowedTCP = []uint16{44, 443, 4433}
 				allowedUDP = []uint16{44, 443, 4433}
 			case providers.PrivateInternetAccess:
-				allowedTCP = []uint16{80, 443, 853, 8443}
-				allowedUDP = []uint16{53, 123, 853, 8080}
+				allowedTCP = []uint16{80, 110, 443}
+				allowedUDP = []uint16{53, 1194, 1197, 1198, 8080, 9201}
 			case providers.Protonvpn:
 				allowedTCP = []uint16{443, 5995, 8443}
 				allowedUDP = []uint16{80, 443, 1194, 4569, 5060}
diff --git a/internal/provider/privateinternetaccess/connection.go b/internal/provider/privateinternetaccess/connection.go
index 03204c76..5ff07ecc 100644
--- a/internal/provider/privateinternetaccess/connection.go
+++ b/internal/provider/privateinternetaccess/connection.go
@@ -3,17 +3,24 @@ package privateinternetaccess
 import (
 	"github.com/qdm12/gluetun/internal/configuration/settings"
 	"github.com/qdm12/gluetun/internal/models"
+	"github.com/qdm12/gluetun/internal/provider/privateinternetaccess/presets"
 	"github.com/qdm12/gluetun/internal/provider/utils"
 )
 
 func (p *Provider) GetConnection(selection settings.ServerSelection, ipv6Supported bool) (
 	connection models.Connection, err error,
 ) {
-	defaults := getConnectionDefaults()
+	// Set port defaults depending on encryption preset.
+	var defaults utils.ConnectionDefaults
+	switch *selection.OpenVPN.PIAEncPreset {
+	case presets.None, presets.Normal:
+		defaults.OpenVPNTCPPort = 502
+		defaults.OpenVPNUDPPort = 1198
+	case presets.Strong:
+		defaults.OpenVPNTCPPort = 501
+		defaults.OpenVPNUDPPort = 1197
+	}
+
 	return utils.GetConnection(p.Name(),
 		p.storage, selection, defaults, ipv6Supported, p.randSource)
 }
-
-func getConnectionDefaults() utils.ConnectionDefaults {
-	return utils.NewConnectionDefaults(8443, 8080, 0) //nolint:mnd
-}
diff --git a/internal/provider/privateinternetaccess/connection_test.go b/internal/provider/privateinternetaccess/connection_test.go
deleted file mode 100644
index ba79d23a..00000000
--- a/internal/provider/privateinternetaccess/connection_test.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package privateinternetaccess
-
-import (
-	"bytes"
-	"encoding/json"
-	"io"
-	"net/http"
-	"testing"
-	"time"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-func Test_getConnectionDefaults(t *testing.T) {
-	t.Parallel()
-
-	const timeout = 5 * time.Second
-	client := &http.Client{
-		Timeout: timeout,
-	}
-
-	ctx := t.Context()
-	request, err := http.NewRequestWithContext(ctx, http.MethodGet,
-		"https://serverlist.piaservers.net/vpninfo/servers/v6", nil)
-	require.NoError(t, err)
-
-	response, err := client.Do(request)
-	require.NoError(t, err)
-	defer response.Body.Close()
-
-	require.Equal(t, http.StatusOK, response.StatusCode)
-
-	b, err := io.ReadAll(response.Body)
-	require.NoError(t, err)
-
-	// remove key/signature at the bottom
-	i := bytes.IndexRune(b, '\n')
-	b = b[:i]
-
-	var data struct {
-		Groups struct {
-			OvpnUDP []struct {
-				Ports []uint16 `json:"ports"`
-			} `json:"ovpnudp"`
-			OvpnTCP []struct {
-				Ports []uint16 `json:"ports"`
-			} `json:"ovpntcp"`
-		} `json:"groups"`
-	}
-	err = json.Unmarshal(b, &data)
-	require.NoError(t, err)
-
-	defaults := getConnectionDefaults()
-
-	require.Len(t, data.Groups.OvpnUDP, 1)
-	require.Len(t, data.Groups.OvpnTCP, 1)
-	assert.Contains(t, data.Groups.OvpnUDP[0].Ports, defaults.OpenVPNUDPPort)
-	assert.Contains(t, data.Groups.OvpnTCP[0].Ports, defaults.OpenVPNTCPPort)
-}