I just check on 14.04 and 16.04 and the init script automatically adds "--script-security 2" unless the VPN config contains a script-security directive.
Problem is that since the switch to systemd, the init script is no longer used and the daemon is used like this:
This probably breaks setups relying on "--script-security 2" like yours. Could you try adding "script-security 2" to /etc/openvpn/infra.conf and see if it helps?
I just check on 14.04 and 16.04 and the init script automatically adds "--script-security 2" unless the VPN config contains a script-security directive.
Problem is that since the switch to systemd, the init script is no longer used and the daemon is used like this:
$ systemctl cat openvpn@.service | grep ^ExecStart /usr/sbin/ openvpn --daemon ovpn-%i --status /run/openvpn/ %i.status 10 --cd /etc/openvpn --config /etc/openvpn/ %i.conf --writepid /run/openvpn/%i.pid
ExecStart=
This probably breaks setups relying on "--script-security 2" like yours. Could you try adding "script-security 2" to /etc/openvpn/ infra.conf and see if it helps?