System:
armbian bookworm
kernel 6.6.2-edge-rk3568-odroid

mount

sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
lxc-5.0.2-1+deb12u2
vm/config: lxc.cgroup.devices.allow = c 10:200 rwm
LXC.cgroup2.devices.allow = c 10:200 rwm

openvpn run in unprivileged lxc, but not started with systemd
but will run, when I start manually
I found a solution in proxmox forum for amd64:
change in config from cgroup to cgroup2

but this works not in arm64:
lxc-start -F -n vm
lxc-start: router: …/src/lxc/utils.c: open_devnull: 1231 Operation not permitted - Can’t open /dev/null
Failed to redirect standard streams to /dev/null, ignoring: Operation not permitted
/usr/lib/systemd/system-generators/openvpn-generator: 1: cannot create /dev/null: Operation not permitted

The solution for my problem was:
lxc.cgroup2.devices.allow = c 1:3 rwm
in config