TUN devices are just like TAP devices except they operate at layer 3 instead of layer 2 and the user mode software has to write raw IP packets into the file descriptor instead of raw Ethernet frames. Going back to MACVTAP devices, these are sort of mix-up between MACVLAN and TAP interfaces. As we have seen so far in this chapter, there are many similarities, but also some significant differences between a tun-style VPN and a tap-style VPN. Most of the differences stem from the single fact that a tun-style VPN is a non-broadcast, point-to-point IP-only network, whereas a tap-style network provides a fully virtual network.

Especially with the topology subnet option, a tun-based setup resembles a non-bridged tap-based setup: if it's ok to create vpn on layer 3 (one more hop between subnets) - go for tun.

What is the difference between TUN driver and TAP driver? TUN works with IP frames. TAP, namely network TAP, simulates a link layer device and operates in layer 2 carrying Ethernet frames. TUN is used with routing. TAP can be used to create a user space network bridge.

What is the TAP ? The TAP is a Virtual Ethernet network device. TAP driver was designed as low level kernel support for Ethernet tunneling. What is the difference between TUN driver and TAP driver? TUN works with IP frames. a TUN device is a virtual Ethernet adapter whereas a TAP device is a virtual point-to-point IP link (in case these don't make sense, ask your search engine what is the difference between point-to-point ip link and an Ethernet) So I do research about point-to-point ip link and Ethernet link and i have others questions : TAP = Physical Layer 2 link to whatever interface you bridge it to. You won't have a "route" because there is no routing.

For security, the common No tun/tap interface is needed. With tun/tap, kernel creates tun%d for use and let userspace program provide the interface. TUN/TAP devices are virtual interfaces used by VPN clients to establish virtual instances of physical networking connections. Unless the information I have recently read is wrong, the only chance of multicast of Bonjour over VPN is via TAP (Network Bridge). Universal TUN/TAP device driver Frequently Asked Question.

