This bug hit me pretty hard. I unknowingly used the upstream openvpn-server@ unit, and then spent a day or so trying to work out why it did not work - the upstream one has CAP_AUDIT_WRITE missing from its capability list.
Perhaps the upstream one could be patched to include this capability?
