Although I used to do openvpn TLS without the "tls-auth ta.key 0" directive for years, now it looks like it has become compulsory, otherwise handshake will not occcur completely although the first
TLS: Initial packet from xxx.xx.xx.xx:1194, sid=42fb5c72 1f286ab1
is exchanged with no problems