Running VyOS 1.3-rolling-202002190654,
OpenVPN with client dev-type tap doesn't work as it doesn't create the Interface with --mktun before it tries to bring the interface up.
Example steps to reproduce:
# download 2cca as mentioned in https://wiki.vyos.net/wiki/OpenVPN#Certificates_and_keys:_2cca_Alternative cd /config/auth wget https://raw.githubusercontent.com/nicolas314/2cca/master/2cca.py python 2cca.py python 2cca.py root cn=Root python 2cca.py client cn=Client ca=Root # create a vtun tap interface set interfaces openvpn vtun0 mode client set interfaces openvpn vtun0 device-type tap set interfaces openvpn vtun0 tls ca-cert-file /config/auth/Root.crt set interfaces openvpn vtun0 tls cert-file /config/auth/Client.crt set interfaces openvpn vtun0 tls key-file /config/auth/Client.key set interfaces openvpn vtun0 remote-host 127.0.0.1 commit # errors below vyos@vyos# commit [ interfaces openvpn vtun0 ] Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 1011, in <module> apply(c) File "/usr/libexec/vyos/conf_mode/interfaces-openvpn.py", line 1001, in apply Interface(openvpn['intf']).set_state('up') File "/usr/lib/python3/dist-packages/vyos/ifconfig.py", line 88, in __init__ raise Exception('interface "{}" not found'.format(self._ifname)) Exception: interface "vtun0" not found [[interfaces openvpn vtun0]] failed
This is because in /usr/libexec/vyos/conf_mode/interfaces-openvpn.py it does the following:
# TAP interface needs to be brought up explicitly if openvpn['type'] == 'tap': if not openvpn['disable']: Interface(openvpn['intf']).set_state('up')
It should run openvpn --mktun --dev vtun0 --dev-type tap first or the interface will not exist. I'm happy to submit a patch if needed.