What is the difference between /dev/ppp and /dev/net/tun?

What is the difference between PPP and tun/tap? Both of them seem to be designed to implement networks through user-space programs.

With PPP, the kernel creates ppp%d for use and allows the user-space program to provide a backend for it.
With tun/tap, the kernel creates tun%d for use and allows the user-space program to provide a backend for it...

How difficult is it to change a program that uses tun/tap (which seems to be unavailable on my Android device) to use ppp?

+7
1 answer

Both provide some form of network access, so why are there two different things that seem to do the same? The answer is that they do not quite do the same thing.

The point-to-point protocol (ppp) is designed to provide an IP connection to the network via a serial link. The most common thing that provides serial communication is a modem; they were present on mobile phones and, a few years ago, were what you used to dial your service provider to connect to the Internet. Your ppp connection goes from your computer to the receiver, which converts the serial signal back into IP packets that are routed over the Internet.

Currently, when you receive a cable modem or ADSL modem from your service provider, it provides a connection to the IP network via Ethernet or WiFi. The modem actually does the job of providing the connection back to your service provider, which can be considered the same as the ppp connection; it's just that your computer no longer does the work of converting IP packets into ADSL or cable signals. A separate modem hides the complexity of communicating with the provider; you just speak "plain" Ethernet/WiFi.

The tun/tap mechanism allows you to access a virtual private network (vpn) on top of a standard network connection; so, for example, if you connect to your cable modem via Ethernet, it provides access to the vpn via your Ethernet connection. If you connected to the Internet through a modem that was connected directly to the computer, you would have access to your vpn through ppp. In fact, the tun/tap interface does not provide Internet access at all; it relies on an existing connection. This is an example of network layering.

Asking how difficult it is to convert a program that uses a tun/tap network connection to use a ppp connection misunderstands where the two interfaces sit in providing your network access: tun/tap sits on top of ppp. Unencrypted packets enter the tun/tap interface, are encrypted, and are then sent as IP packets to the ppp interface, which converts them into serial signals that are sent to the remote end, which converts them back into IP packets and forwards them to the vpn, which decrypts them and routes them through its own network.

If you remove the tun/tap interface, you would have to change every application that wants to communicate via the vpn so that each of them intercepts its own packets; encrypts them; sends them; receives the answers and decrypts them. Using the tun/tap layer, you let the built-in IP routing take the unencrypted packets, encrypt them and forward them, which means you do not need to change any application that talks to the private network.

Almost every problem in computer science can be solved by adding a layer of indirection. By adding these layers we reduce the complexity of the individual components, yet we can build powerful systems. If we didn't have a ppp interface, every program would have to know how to talk serial; if we didn't have tun/tap, every program would have to know how to talk vpn, and would also need to know how to talk serial.

The only way to remove the tun/tap connection would be if the ppp connection were made directly to the private system. You would need to use something like GSM data (that is 9600 bps, and it is an actual phone call), and even then you are not encrypting and you are going through the cellular network, which somewhat defeats the whole intention of the private network.

The following is a gross simplification of how the various tunneling protocols operate, but it should explain in enough detail that you understand why you cannot just exchange one for the other.

To understand why different vpn protocols use different interfaces to do their job, you need to understand how they were developed. TAP, L2TP and PPTP are examples of layer 2 protocols. TUN is an example of a layer 3 protocol.

To understand the differences I will use a postal analogy. Layer 2 (also known as the link layer) is the equivalent of a courier. You give him a letter and he physically carries it to the recipient. The courier knows all the potential destinations in his area; any message for this local area can be handled by him.

If we stretch this analogy, the mailbox can also be seen as the actual layer 2 endpoint. If you want to send letters across the country, you put them in the mailbox. This is similar to L2TP, PPTP and TAP, which wrap their packets for transmission over the network.

Layer 3 is the address on the letter: it is used to move the letter from the local branch to the sorting office and on to the post office, where it finally falls into the hands of the postman. This is where the wrapped packet is routed through the network.

It returns to layer 2 at the moment when the postman recognises the destination within his delivery area and hands the letter to the intended recipient. Here the wrapped packet is unwrapped and then processed by the L2TP, PPTP or TAP endpoint.

For TUN it is a little simpler. Your letters are sent directly to your local post office and then delivered to the post office where you collect them. There may be some information about the route letters take from post office to post office to the destination address, but that is not really part of the protocol.

Then the awkward details of how they are implemented appear. Both L2TP and PPTP are defined in terms of ppp, a well-established mechanism for establishing a direct connection between two endpoints, so in order to talk through this system both the source and the receiver need to speak the point-to-point protocol. Tunneling provides a virtual layer over which these ppp messages travel (this tunneling is what gives them the T in their name).

The TAP interface is defined in terms of tunneling Ethernet packets, the packets you would see when sniffing your Wi-Fi connection. It establishes a simple bridge between the two networks over which these Ethernet packets are transmitted. Ethernet packets typically wrap IP packets, which allows you to put them directly on the wire at your destination without repackaging them.

The TUN interface is defined in terms of tunneling IP packets, the packets before they are converted so that they can travel over a physical connection such as Ethernet/WiFi. This means you are establishing a routed virtual IP network between your computer and the destination network. IP packets whose destination matches the routes provided by this interface are sent to this interface.

The end product is another network interface on your system to which IP packets can be sent. This interface wraps the packet (in a ppp packet for PPTP/L2TP, in an Ethernet packet for TAP, inside another IP packet for TUN). Encryption can be applied before wrapping, after wrapping, or at both points (depending on the protocol). A program that understands L2TP will be well versed in talking ppp, but will not be able to talk the other protocols without significant rewriting.

+12
