First you may need to re-enable rc-local for Debian 9 Create new Systemd service with the following contents

nano /etc/systemd/system/rc-local.service

    [Unit]
    Description=/etc/rc.local
    ConditionPathExists=/etc/rc.local

    [Service]
    Type=forking
    ExecStart=/etc/rc.local start
    TimeoutSec=0
    StandardOutput=tty
    RemainAfterExit=yes
    SysVStartPriority=99

    [Install]
    WantedBy=multi-user.target

Modify /etc/rc.local to contain the following

#!/bin/sh -e
if ! [ -c /dev/net/tun ]; then
 mkdir -p /dev/net
 mknod -m 666 /dev/net/tun c 10 200
fi
# Shouldn\'t need this but this makes it work anyway
echo 1 > /proc/sys/net/ipv4/ip_forward
# VM Hack: Restart openvpn server so that it works
# (tun interface didn\'t exist at usual systemctl startup but it does now!)
systemctl restart [email protected]
exit 0

Sources:

Re-enable rc.local Soruce

/dev/tun passthru Soruce