Openvpn tun0 loses IP and route

My OpenVPN client setup just stopped working, maybe/likely linked to a recent update of Debian (testing).

The end result is that the openvpn daemon looks happy and gives me the right syslog messages, yet the interface gets no IP address (and no routes either, of course):

# ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet6 fe80::e580:a6b8:6f2:dd5  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7  bytes 336 (336.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The syslog includes the expected lines such as:

Jan 25 11:12:41 ceviche ovpn-foo[9570]: /sbin/ip addr add dev tun0 NN.MM.OO.PP/24 broadcast NN.MM.OO.255
Jan 25 11:12:41 ceviche ovpn-foo[9570]: /sbin/ip route add HOSTIP1/32 via NN.MM.OO.1

and if I run these lines by hand, then things go back to working (until the VPN is restarted, obviously).

So my impression is that the interface is setup correctly but is later "undone" by some external thing. This impression comes from some suspicious extra messages mentioning tun0 that appear a bit further in the log:

Jan 25 11:12:41 ceviche systemd[1]: Unnecessary job for /sys/subsystem/net/devices/tun0 was removed.
Jan 25 11:12:41 ceviche systemd[1]: Started Netscript ifup for tun0.
[...]
Jan 25 11:12:41 ceviche sh[9617]: Configuring interface: tun0.

Any idea what might be going on, how to track it down, or how to fix it?

This is a Debian testing system that's been following Debian testing for many years.

It's netscript causing the issue, remove that package, apt remove netscript-2.4