This is still a problem in Ubuntu 18.04. Note: systemd unit files provided by packages should not be modified by the user after installation, instead systemd's drop-in feature should be used.
The proper workaround for this bug is to create the file /etc/systemd/system/openvpn@.service.d/10-pam-capability-fix.conf with the following contents (notice the added CAP_AUDIT_WRITE keyword): [Service] CapabilityBoundingSet= CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE Afterwards issue "systemctl daemon-reload" to make systemd aware of the drop-in and then restart the OpenVPN service. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1511524 Title: OpenVPN PAM authentication broken on 15.10 Server To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/1511524/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs