After migrating to systemd, op-mode scripts don't work. Paths should be updated to /run/openvpn.
The op-mode scripts used /tmp/openvpn-mgmt-intf to reset a single client. systemd uses a private /tmp:
vyos@rt-home:~$ sudo ls -la /tmp|grep systemd drwx------ 3 root root 60 Apr 14 18:04 systemd-private-3968e4ac269541639d8b3c8413e72e45-haveged.service-VpheTj drwx------ 3 root root 60 Apr 14 18:05 systemd-private-3968e4ac269541639d8b3c8413e72e45-ntp.service-0yOxFs drwx------ 3 root root 60 Apr 16 12:48 systemd-private-3968e4ac269541639d8b3c8413e72e45-openvpn@vtun0.service-SqURDU drwx------ 3 root root 60 Apr 14 18:06 systemd-private-3968e4ac269541639d8b3c8413e72e45-pdns-recursor.service-TjzzLV drwx------ 3 root root 60 Apr 14 18:06 systemd-private-3968e4ac269541639d8b3c8413e72e45-radvd.service-Xdsj93 vyos@rt-home:~$ sudo ls -la /tmp/systemd-private-3968e4ac269541639d8b3c8413e72e45-openvpn@vtun0.service-SqURDU/tmp total 0 drwxrwxrwt 2 root root 60 Apr 16 12:48 . drwx------ 3 root root 60 Apr 16 12:48 .. srwxrwxrwx 1 root root 0 Apr 16 12:48 openvpn-mgmt-intf
In addition, all openvpn interfaces/processes used the same management inerface name. I'm not sure this ever worked for more than one interface, they should probably each have its own management interface.
Additionally file permissions on the socket are 777 by default. This is a security risk. It should be 660 and chown root:vyattacfg, or something even more secure (maybe using selinux to secure access).
At the same time it'd be nice to upgrade to --status version 1 or 2 which provides much more info than default version 0.