A short correction to my previous post:
Using a modified /etc/systemd/system/openvpn@.service does not resolve
the problem (since it is not used by the server-process).
Instead, I'm using a server process based on
/lib/systemd/system/openvpn-server@.service, which does not set the
CAP_AUDIT_WRITE
However, using an override
/etc/systemd/system/openvpn-server@.service.d/override.conf where the
capability CAP_AUDIT_WRITE is added does also not resolve the issue
after restarting the service with
sudo systemctl daemon-reload
sudo service openvpn-server@clstest restart
I also tested a downgrade to the previous version
(openvpn_2.4.0-6+deb9u2) without success. So it may well be related to
the security update of systemd.
