Page MenuHomeVyOS Platform

OpenVPN with dev-type tap fails
Closed, DuplicatePublic


Running VyOS 1.3-rolling-202002190654,

OpenVPN with client dev-type tap doesn't work as it doesn't create the Interface with --mktun before it tries to bring the interface up.

Example steps to reproduce:

# download 2cca as mentioned in
cd /config/auth
python root cn=Root
python client cn=Client ca=Root

# create a vtun tap interface
set interfaces openvpn vtun0 mode client
set interfaces openvpn vtun0 device-type tap
set interfaces openvpn vtun0 tls ca-cert-file /config/auth/Root.crt
set interfaces openvpn vtun0 tls cert-file /config/auth/Client.crt
set interfaces openvpn vtun0 tls key-file /config/auth/Client.key
set interfaces openvpn vtun0 remote-host

# errors below
vyos@vyos# commit
[ interfaces openvpn vtun0 ]
Traceback (most recent call last):
  File "/usr/libexec/vyos/conf_mode/", line 1011, in <module>
  File "/usr/libexec/vyos/conf_mode/", line 1001, in apply
  File "/usr/lib/python3/dist-packages/vyos/", line 88, in __init__
    raise Exception('interface "{}" not found'.format(self._ifname))
Exception: interface "vtun0" not found

[[interfaces openvpn vtun0]] failed

This is because in /usr/libexec/vyos/conf_mode/ it does the following:

# TAP interface needs to be brought up explicitly
if openvpn['type'] == 'tap':
    if not openvpn['disable']:

It should run openvpn --mktun --dev vtun0 --dev-type tap first or the interface will not exist. I'm happy to submit a patch if needed.


Difficulty level
Unknown (require assessment)
VyOS 1.3-rolling-202002190654
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change