Somewhere between 1.3-rolling-201912041619 and 1.3-rolling-201912260217 ipsec config loading code was broken:
# cat vyatta-commit.log [ vpn ] Traceback (most recent call last): File "/usr/libexec/vyos/conf_mode/ipsec-settings.py", line 269, in <module> generate(c) File "/usr/libexec/vyos/conf_mode/ipsec-settings.py", line 241, in generate write_ipsec_ra_conn(data) File "/usr/libexec/vyos/conf_mode/ipsec-settings.py", line 162, in write_ipsec_ra_conn open(ipsec_ra_conn_file,'w').write(ipsec_ra_conn_txt) FileNotFoundError: [Errno 2] No such file or directory: '/etc/ipsec.d/tunnels/remote-access' [[vpn]] failed Commit failed
mkdir /etc/ipsec.d/tunnels
solves the problem (it's a stupid l2tp server config).