OpenVPN AMI's built with packer incorrectly use the old public IP from the build in generated config files

When I build AMI’s using Hashicorp Packer, based off the AWS OpenVPN AMI, the public ip address from the first instance performing the build will persist in later usage of the AMI when it should instead update.

So when I try to use the resulting AMI on a new AWS instance, if I try to generate certificates for a user, the openvpn.conf files always contain the incorrect old public ip from the instance used to build the AMI. It should be using the public IP from the current instance. Is there anything I can do to correct this behaviour?

In case it helps, this is a relevant extract of the user data that is used only when the instance starts (and not during the build). In this case, the VPN client will be configured as a gateway.

client_network=${client_network}
client_netmask_bits=${client_netmask_bits}
private_subnet1=${private_subnet1}
public_subnet1=${public_subnet1}
aws_internal_domain=${aws_internal_domain}
remote_subnet_cidr=${remote_subnet_cidr}

ls -la /usr/local/openvpn_as/scripts/
/usr/local/openvpn_as/scripts/sacli -k vpn.daemon.0.client.network -v $client_network ConfigPut
/usr/local/openvpn_as/scripts/sacli -k vpn.daemon.0.client.netmask_bits -v $client_netmask_bits ConfigPut
/usr/local/openvpn_as/scripts/sacli --key 'vpn.server.tls_auth' --value 'true' ConfigPut
/usr/local/openvpn_as/scripts/sacli --key vpn.server.routing.gateway_access --value 'true' ConfigPut
/usr/local/openvpn_as/scripts/sacli --key vpn.server.routing.private_network.0 --value "$private_subnet1" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key vpn.server.routing.private_network.1 --value "$public_subnet1" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key vpn.server.routing.private_network.2 --value "$client_network/$client_netmask_bits" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key vpn.server.routing.private_access --value 'route' ConfigPut
/usr/local/openvpn_as/scripts/sacli --key 'vpn.client.routing.reroute_dns' --value 'true' ConfigPut
/usr/local/openvpn_as/scripts/sacli --key 'vpn.server.dhcp_option.domain' --value "$aws_internal_domain" ConfigPut
/usr/local/openvpn_as/scripts/sacli --key 'vpn.server.routing.allow_private_nets_to_clients' --value 'true' ConfigPut
/usr/local/openvpn_as/scripts/sacli start
cd /usr/local/openvpn_as/scripts/
./sacli --user $openvpn_user --key 'prop_autologin' --value 'true' UserPropPut
./sacli --user $openvpn_user --key 'c2s_route.0' --value "$remote_subnet_cidr" UserPropPut
./sacli --user $openvpn_user AutoGenerateOnBehalfOf
mkdir -p seperate
./sacli -o ./seperate --cn "${openvpn_user}_AUTOLOGIN" get5
chown $openvpn_user seperate/*
/usr/local/openvpn_as/scripts/sacli start
ls -la seperate

The solution is here amazon web services - OpenVPN AMI's built with packer incorrectly use the old public IP from the build in generated config files - Server Fault