Hi Georg, According to the syslog_errors messages it seems that your config is trying to use SSL/TLS certificate files hosted in root's home. This is not permitted now that the systemd unit uses "ProtectHome=true".
A good way to avoid that problem and follow best practices would be to create a directory, say /etc/openvpn/lip, and put those files in there. Once in there, you don't need to weaken their permissions as they will be accessed as root prior to any UID downgrade. Another way would be to include them inline in the lip.conf instead. For details, see "INLINE FILE SUPPORT" from openvpn(8) man page. HTH, Simon
signature.asc
Description: OpenPGP digital signature
