New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Openvpn just hangs after starting client file
user3028938
Member
Debian.
This output isn't giving me much to go on. From what I can see they don't seem to be errors, just warnings is that correct? Yet still it just hangs after the last line/retries where I just quit it. I thought it might be to do with the firewall, which is ufw, but I disabled it and still the same. As I was initially trying it within an lxc container I thought maybe related to that but I tried on host and exactly the same message. I also have a remote server which I tried it on and the same again.
I have tried with several different .ovpn client files in case the server was faulty and the same with each.
Here is the ouput:
sudo openvpn 3.ovpn
2025-07-26 07:53:09 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2025-07-26 07:53:09 Note: Kernel support for ovpn-dco missing, disabling data channel offload.
2025-07-26 07:53:09 OpenVPN 2.6.3 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] [DCO]
2025-07-26 07:53:09 library versions: OpenSSL 3.0.16 11 Feb 2025, LZO 2.10
2025-07-26 07:53:09 DCO version: N/A
2025-07-26 07:53:09 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2025-07-26 07:53:09 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-07-26 07:53:09 UDPv4 link local: (not bound)
2025-07-26 07:53:09 UDPv4 link remote: [AF_INET][undef]:1194
Comments
You can run OpenVPN manually from the command line and watch the output. Don't forget to switch the logging level to "debug" (9). Most likely something wrong in server configuration file.
maybe try wireguard, its 2025.
Since you’ve already tried different configs and servers across multiple systems, it does sound like a resolution or routing issue rather than something wrong with OpenVPN itself.
Try to run debug also...
I faced this issue before and fixed it, but I don't remember exactly how since I don't use OpenVPN anymore...
Try open your .opvn config file, replace "cipher AES-128-CBC" to "data-ciphers AES-128-CBC"
I'm pretty sure this is your issue, from the logs:
2025-07-26 07:53:09 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.I haven't used OpenVPN in a while, but this seems to be the page you need to read: https://openvpn.net/community-docs/important-note-on-possible--man-in-the-middle--attack-if-clients-do-not-verify-the-certificate-of-the-server-they-are-connecting-to-.html
Umm you can see from the code provided that is exactly what I did...although did not do the logging part.
Can't when the provider doesn't give that option.
I am just using free vpn to test out.
Everyone has switched to wireguard now? Do most companies support that then I guess?
I know I used it once for setting up a private network and was much nicer with the smaller size of files and generally smooth process.
Apart from this though have not had much complaint with openvpn over the years, this one is a first for me.
I meant openvpn server not a openvpn client.
BTW. If you live in a country where VPN connections are blocked or monitored, it may be the result of DPI software. In such a case, changing the default port might help, as well as some obfuscation of VPN traffic.
is compression on ?
Hey, just chiming in here
The fact that the
UDPv4 link remoteshows[undef]:1194means your.ovpnconfig most likely has aremoteline that’s either missing or pointing to a hostname that isn’t resolving.Check your
.ovpnfile and look for the line like:"remote yourhostname.com 1194"
If "yourhostname.com" doesn't resolve (or is blank), that’ll cause exactly the behavior you're seeing.
Also — since you're using OpenVPN 2.6+, you should **replace
cipher AES-128-CBCwith: data-ciphers AES-128-CBCAnd to debug deeper:
"sudo openvpn --config 3.ovpn --verb 9"
That will show if it’s stuck waiting on DNS or something else.
Or if you are from a another country as @rustelekom mentioned that blocks VPN connections it might be that case.
Let me know if you're able to diagnose it like that! Goodluck!
Thanks for the tips. Just signing off now but will try next time.
I have just been downloading the provided .ovpn files. Had never had issues before in the years I used that vpn on and off, just to let you know. Maybe something changed with ovpn then in the meantime since I last used it - has been a couple of years since I tried it with that free vpn I think.
Would be useful to check with another vpn but don't have another free one handy to try unless any other suggestions, but will try what you wrote above, and other comments from other users, first.
I just looked and it only has:
EDIT: Yea I just downloaded another file which had written "including IP address" and the line now had the IP in it. I tried to start and it did get past that part. Didn't connect, but got a bit further, have to try others as, being a free vpn, servers are often down.
EDIT2: ok that's weird...when I look at the file manually, opening it via the browser, the IP/host is there but when I download they revert back to 0 for remote.
How is it able to edit the file 'in transit' like that? I will note that, since the server is headless, I am using wget to download the config files. Could that have something to do with it?
Conversely, I noticed that when I clicked the file with the browser on my host machine to test it the file was downloaded unedited.
When trying on the host, downloading manually, it now hangs at a different place:
Oh and I did change the cipher line, as suggested above. I tried disabling firewall in case it was that and didn't help.
I check connectivity in browser and pages will not load until I
C-cout of openvpn again.Ok I have solved the issues of files being edited with wget. I forgot when I used to use it I had to put the download url in quotes or it wouldn't download properly.
Now I am at the same issue as I have when trying on host machine, which is the above post. A bit of progress at least as now I can keep testing to the container, without interfering with my host network.
EDIT: Ok! Looks like it is not 'hanging' at all and it is actually connected at that point. I tried again with another profile and connection is established by the looks of things, having checked by downloading a page from the terminal and testing the IP address.
Thanks for the help guys!
Glad you got it workin! Apologies didn't reply sooner,
Best of luck to your VPN adventures
All the best,
Rakane O.
CEO & Founder
ServerCrate