OpenVPN tap devices are administratively down (A/D in "show interfaces") after being configured, and the only way I can figure out to bring them up is by running "sudo ip link set [device] up". After reboot the tunnels are down again, so at the moment I have this in my vyos-postconfig-bootup.script files: "sudo ip tuntap | cut -d: -f1 | xargs -I % sudo ip link set % up" to bring up all of them automatically after reboot.
tun devices work fine, this issue is only on tap devices.
Tested on vyos-1.3-rolling-201912290217, which I know is a few weeks old, but I haven't had an opportunity to test on a newer build.
Example config:
set interfaces openvpn vtun29003 description 'Data tunnel'
set interfaces openvpn vtun29003 device-type 'tap'
set interfaces openvpn vtun29003 encryption cipher 'aes256'
set interfaces openvpn vtun29003 hash 'sha256'
set interfaces openvpn vtun29003 local-port 'REDACTED'
set interfaces openvpn vtun29003 mode 'site-to-site'
set interfaces openvpn vtun29003 persistent-tunnel
set interfaces openvpn vtun29003 remote-host 'REDACTED'
set interfaces openvpn vtun29003 remote-port 'REDACTED'
set interfaces openvpn vtun29003 shared-secret-key-file '/config/auth/tunnel.key'