OpenVPN commonly uses UDP port 1194. If your VPN clients cannot connect, the tunnel never establishes, or handshakes fail, the issue is often networking rather than OpenVPN itself.
- 🔥 Firewall blocking UDP 1194
- 🌐 Router forwarding missing
- ☁ Cloud firewall restrictions
- 📡 ISP CGNAT limitations
- ⚙ OpenVPN server configuration issues
Step 1 — Verify OpenVPN Is Running
Linux:
sudo systemctl status openvpn
sudo systemctl status openvpn-server@server
Active: active (running)
sudo systemctl start openvpn
Step 2 — Verify OpenVPN Configuration
Open:
/etc/openvpn/server.conf
port 1194
proto udp
proto tcp
sudo systemctl restart openvpn
Step 3 — Open Firewall Rules
Ubuntu:
sudo ufw allow 1194/udp
sudo firewall-cmd \
--add-port=1194/udp \
--permanent
sudo firewall-cmd --reload
iptables \
-A INPUT \
-p udp \
--dport 1194 \
-j ACCEPT
Step 4 — Configure Router Port Forwarding
Self-hosted OpenVPN requires:
External:
1194 UDP
↓
192.168.1.50:1194
Using TCP forwarding accidentally is a common mistake.
Step 5 — Cloud VPS Users
Check:- AWS Security Groups
- Google Cloud Firewall
- Azure NSG
- Oracle Cloud
- Hetzner Firewall
- OVH Cloud Firewall
Opening Linux firewall alone may not be enough.
OpenVPN Still Not Working?
❌ ISP CGNAT blocking inbound traffic
❌ Wrong public IP
❌ UDP blocked upstream
❌ Firewall configured for TCP only
❌ TLS handshake problems
Debug OpenVPN Logs
Linux:
journalctl -u openvpn
TLS Error:
TLS key negotiation failed
- Firewall
- Port forwarding
- Wrong endpoint IP
- Cloud firewall restrictions
Check VPN Visibility
After fixing OpenVPN connectivity, verify your tunnel actually hides your IP correctly.
Final Checklist
✅ OpenVPN service running
✅ UDP 1194 open
✅ Router forwarding configured
✅ Cloud firewall validated
✅ Connectivity verified externally