I seem to recall from some time ago that support for tap was to be included in 2.0; I found that it seems to have been included for client mode, but not for the server side.  I generated a configuration with some minor fiddling on the client side that appeared to result in traffic being sent to the server, but the server side appeared to be a little messier.  In particular, while I think I had the OpenVPN incantation correct, the pf firewall was blocking inbound traffic, and trying to add firewall rules for "OpenVPN" wasn't working because that is applied to the "ovpns*" interfaces but my incantation was resulting in a "tap*" interface.  Trying to generate "easy" rules didn't work either, ending at an error page.

Was this still intended for inclusion in 2.0?  I can deploy our working kludge on 1.2.3 if needed, but had been hoping to get this working under 2.0.