INACTIVE - NO LONGER MAINTAINED

This project has been inactive since at least 2015. While the kernel extensions kept working for a few OS X releases, with Apple requiring notarization and moving away from kernel extensions in general (which is a good thing!), this project is no longer relevant.

Old releases are still available until further notice in case they are helpful. If you really need the kernel extensions on more recent operating systems, you might try the notarized kernel extensions provided by the Tunneblick project: https://github.com/Tunnelblick/Tunnelblick/tree/master/third_party

Home FAQ Download Development

Frequently Asked Questions

Who is involved in this project?

Currently, there is only myself (Mattias Nissler) active in the maintenance of the TunTap software. However, numerous other people have reported bugs, provided small patches and most importantly, tested prerelease versions.

Why do you run this project?

When I still was using Mac OS X on a daily basis, I came across the need of tun and tap devices for Mac OS X. Because nothing that suited my needs was available, I started this project.

I tried installing the package, but it failed. What do I do?

First, make sure you exit all programs that might be using a tun or tap interface. OpenVPN is one obvious candidate, but there may be others depending on what software you run on your computer. If you still have problems, feel free to seek help on the mailing list.

What is the startup item for?

The startup items load the kernel extensions at boot time. You can also go without the startup items, but then you will have to load the kernel extensions manually.

I want to remove the software from my computer. How do I do that?

Unfortunately, Apple's installer packages do not provide a way to remove software. Therefore, you will need to delete the files manually. Just remove the following directories (you need to do this with Administrator privileges):

  • /Library/Extensions/tap.kext
  • /Library/Extensions/tun.kext
  • /Library/StartupItems/tap
  • /Library/StartupItems/tun

That's it!

I have a VPN connection using tap. Can I create an Ethernet bridge between the VPN interface and a physical Ethernet interface?

The issue here is that Mac OS X does not have Ethernet bridging built in. The only software I know about that claims to provide Ethernet bridging is IPNetRouterX (note that it is commercial, i.e. not free). However, I have not tried this myself, so I cannot tell you if or how well it works. Note that setups similar to bridging can also be achieved by using IP-level packet forwarding combined with Network Address Translation (NAT). From what I have seen in the Darwin kernel, I think it should not be too hard to create an Ethernet bridging kernel extension for Mac OS X by exploiting the filtering KPI (see Apple's documentation). However, at the moment I do not have the time an interest to do it myself ;-)

You screwed up, my computer crashed! How can I help fix this?

Well, sorry for that. While the software is generally quite stable, I appreciate any reports that help me fix crashes. If you encounter a crash, please post a message to the mailing list. State which TunTap and Mac OS X versions you use (if you do not run the latest version, you should probably first upgrade to see whether the bug is already fixed). Also include the contents of the /Library/Logs/panic.log file. It includes a stack backtrace that helps finding out what your computer did when it encountered the crash.

Loading the tun kernel extensions fails and my system log says "could not register PF_INET protocol family: 17". WTF?

You probably have the Cisco Systems Anyconnect VPN software installed. At the moment, this software causes a conflict because it contains an own tun kernel extension. I've talked to a Cisco enginner who said Cisco would try and resolve the issues. However, since then I have not received any updates on this. In the mean time, you can use the following script for switching between the regular tuntap installation and Cisco's flavor (contributed by Josh Berkus, thanks for that): 

#!/usr/bin/perl

# this script switches between the TUN drivers needed for Cisco and the drivers
# needed for OpenVPN on Mac OSX.

# usage: "vpnswitch cisco" or "vpnswitch open"

# written by Josh Berkus 2009.  Freely offered to the public domain.
# If your jurisdiction doesn't support that, then it is also available under the
# BSD License.

my ( $mode ) = @ARGV;

if ( $mode =~ /^c/i ) {
   system ("sudo kextunload /Library/Extensions/tun.kext");
   system ("sudo kextunload /Library/Extensions/tap.kext");
   system ("sudo /System/Library/StartupItems/CiscoTUN/CiscoTUN start");
} elsif ( $mode =~ /^o/i ) {
   system ("sudo /System/Library/StartupItems/CiscoTUN/CiscoTUN stop");
   system ("sudo kextload /Library/Extensions/tun.kext");
   system ("sudo kextload /Library/Extensions/tap.kext");
} else {
  print "missing parameter\n";
}

exit(0);

I'm a developer and I try to read() and write() to the character devices. However, all it gives me is an "Input/Output error". Why is that?

You can only read and write packets from and to the kernel while the corresponding network interface is up. The setup sequence is as follows (using tap0 as an example):

  • open() the character device /dev/tap0.
  • Configure the network interface tap0 and bring it up. Typically, you'll also want to assign an IP address. Here is an example using ifconfig (but you can also configure the device programatically using the usual IOCTLs): 
    ifconfig tap0 10.1.2.3 up
  • Once the interface has been brought up, you can use the read() and write() functions on the character device's file descriptor to receive or send a packet at a time.
  • When you're done, close() the character device. This will remove the network interface from the system.

Valid XHTML and CSS
This project is hosted by sourceforge.net
Copyright © 2008, 2009 Mattias Nissler <mattias.nissler@gmx.de>