1. Move the .ovpn file to /etc/openvpn/. Choose the <name-of-connection> carefully, the name is required to select the connection via systemd.
    mv <config-file>.ovpn /etc/openvpn/<name-of-connection>.conf
  2. Reload the daemon:
    systemctl daemon-reload
  3. Start the connection:
    systemctl start openvpn@<name-of-connection>
  4. Verify that everything worked correctly:
    systemctl status openvpn@<name-of-connection>

    If it says running and no errors are displayed, everything was successful. If it says cipher not allowed check the following paragraph.

  5. Enable it with:
    systemctl enable openvpn@<name-of-connection>
  6. To later disable the automatic start of the connection use:
    systemctl disable openvpn@<name-of-connection>

Sourced from smarthomebeginner.com - OpenVPN autostart

This issue only exists when the CLI-client is OpenVPN v2.6+ while the corresponding server isn't yet on this state.
  1. If there are the following lines in the console output of the connection:
    Error: negotiated cipher not allowed - AES-256-CBC not in AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305
    OPTIONS ERROR: failed to import crypto options
    Failed to open tun/tap interface
  2. Edit your config file. (Maybe under /etc/openvpn/) It's required to change the line that contains cipher. Edit cipher to data-ciphers. It should then look like this:
    data-ciphers AES-256-CBC
  3. Finally restart your connection.

Partially sourced from forums.openvpn.net - Cipher not allowed

  • linux/linux-tutorials/ovpn.txt
  • Last modified: 2024/04/17 18:38
  • by Zyzonix