[ Thanks to Ramsai
for this link. ]
“The modular structure of OpenVPN can not only be found
in its security model, but also in the networking scheme. James
Yonan chose the Universal TUN/TAP driver for the networking layer
of OpenVPN.“The TUN/TAP driver is an open source project that is included
in all modern Linux/Unix distributions, as well as Windows,
Solaris, and Mac OS X. Like SSL/TLS, it is used in many projects,
and therefore it is steadily being improved, and new features are
being added. Using the TUN/TAP devices takes away a lot of
complexity from the structure of OpenVPN. Its simple structure
brings increased security when compared to other VPN solutions.
Complexity is always the main enemy of security. For example, IPsec
has a complex structure with complex modifications in the kernel
and the IP stack, thereby creating many possible security
loopholes.“The Universal TUN/TAP driver was developed to provide Linux
kernel support for tunneling IP traffic. It is a virtual network
interface, which appears as authentic to all applications and
users. Only the name tunX or tapX distinguishes it from other
devices. Every application that is capable of using a network
interface can use the tunnel interface. Every technology that you
are running in your network can be run on a TUN or TAP interface
too.”