linux - What is the difference between /dev/ppp and /dev/net/tun?
What is the difference between ppp and tun/tap? Both seem to implement networking via user-space programs.
With ppp, the kernel creates ppp%d for use, and lets a userspace program provide the backend for it.
With tun/tap, the kernel creates tun%d for use, and lets a userspace program provide the backend for it...
How difficult is it to change a program using tun/tap (which seems to be unavailable on Android devices) to ppp?
They both provide a form of network access, so why are there 2 different things that seem to do the same thing? The answer is that they don't quite do the same thing.
The Point-to-Point Protocol (PPP) was designed around providing an IP network connection over a serial link. The common thing providing a serial link was a modem, and these are present in mobile phones, and were ubiquitous several years ago when you dialed your service provider to connect to the internet. The PPP connection goes from your PC to a receiver which converts the serial signal into IP packets that are routed across the internet.
Nowadays, when you have a cable modem or ADSL modem from your service provider, it provides an IP network connection over an ethernet or wifi link. The modem is doing the work of providing the connection to the service provider, which can be seen as the same as the PPP connection; it's just that your computer is no longer doing the translation work of going from IP packets to signals on the ADSL line or cable connection. The separate modem is providing a layer that takes away the complexity of talking to the provider, so you're just talking 'simple' ethernet/wifi.
The tun/tap mechanism allows access to a virtual private network (VPN) in a layer above the standard network connection; for example, if you're connecting to a cable modem via ethernet, it is providing access to the VPN over the ethernet connection. If you are accessing the internet over a modem plugged directly into your PC, you are accessing the VPN over PPP. On its own, the tun/tap interface does not provide internet access; it relies on a pre-existing connection. It's an example of network layering.
Asking how difficult it is to convert a program using a tun/tap network connection to use a ppp connection misunderstands where the 2 interfaces sit in the provision of network access - tun/tap sit atop ppp. Unencrypted packets enter the tun/tap interface, are encrypted, and are sent as IP packets to the ppp interface, which converts them to serial signals that are sent to the remote end, which turns them back into IP packets and forwards them on to the VPN target, which decrypts them and routes them through its own private network.
If you remove the tun/tap interface you have to modify any application that wishes to communicate across the VPN, as all of its network communications need to be intercepted: encrypt them, forward them, receive the responses and decrypt them. Having the tun/tap layer allows the built-in IP routing to take the unencrypted packets, encrypt them and forward them on - i.e. you don't need to modify any of the applications talking to the private network.
Pretty much every problem in computer science can be solved by adding a layer of indirection. By adding these layers, we reduce the complexity of the individual components, and can build powerful systems. If we didn't have the ppp interface, every program would need to know how to talk serial; if we didn't have tun/tap, every program would need to know how to talk VPN and would need to know how to talk serial.
The way to remove the tun/tap connection is if the ppp connection is made to the private system. You would have to use something akin to GSM data (which is 9600 bits/second, and it's an actual phone call), and you're not encrypting, and you're going over the cellular network, which kind of defeats the whole intention of a private network.
The following is a gross simplification of how the various tunneling protocols work, but it should explain things in enough detail that you should be able to understand why you can't swap one for the other.
To understand why the different VPN protocols use different interfaces for doing their work, you have to understand how they are designed. TAP, L2TP and PPTP are examples of layer 2 protocols. TUN is an example of a layer 3 protocol.
To understand the differences, I'll use a postal analogy. Layer 2 (also known as the link layer) is the equivalent of a courier. You hand him a letter and he physically hands it to the recipient. The courier knows all the potential destinations in the area, so any message for the local area can be dealt with by him.
If we stretch the analogy, a post-box can be seen as a valid layer 2 end-point. If you want to get letters across the country, you put them in the mailbox. This is analogous to L2TP, PPTP and TAP wrapping packets for transmission across the network.
Layer 3 is the address on the letter - it can be used to move the letter from post office to post office until it gets into the hands of a postman. This is the wrapped packet getting routed through the network.
It goes back to layer 2 at the point where the postman knows the destination within his delivery area and hands the letter to the intended recipient. The wrapped packet gets unwrapped and processed by the L2TP, PPTP or TAP end point.
For TUN, it's a little bit easier. The letters go directly to the local post office, and are delivered en masse to the destination post office for collection. There may be details in getting the letters to the post office, or from the post office to the destination address, but that's not part of the protocol.
Then come the awkward details of how they are implemented. Both L2TP and PPTP are defined in terms of PPP, which is an established mechanism for establishing a direct connection between 2 end-points, so in order to talk across this sort of system, both origin and destination need to speak the Point-to-Point Protocol. Tunneling provides a virtual layer across which these PPP messages travel (this tunneling is what gives them the T in their name).
The TAP interface is defined in terms of the tunneling of ethernet packets - these are the packets you see whizzing along on your wifi connection. It establishes a simple bridge between 2 networks over which these ethernet packets are passed. Ethernet packets typically enclose IP packets, allowing you to put them straight out on the wire at the destination without needing to re-encapsulate them.
The TUN interface is defined in terms of the tunneling of IP packets - these are the packets before they have been transformed so they can travel over a physical connection such as ethernet/wifi. This means establishing a routed virtual IP network between your computer and the destination network. IP packets whose destination is covered by the routes provided for the interface are sent to the interface.
The end product is another network interface on your system to which IP packets can be sent. The interface wraps the packet (in a PPP packet for PPTP/L2TP; in an ethernet packet for TAP; inside an IP packet for TUN). Encryption may be involved before the wrapping, or after the wrapping, or at both points (it depends on the protocol). A program that understands L2TP is versed in talking PPP, and would not be able to talk the other protocols without a significant rewrite.
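The "you can't swap one for the other" point from both answers, made concrete as an added example (not code from either answer, nor from the Linux tun/tap or PPP projects). It takes one constructed IPv4/UDP packet and shows what a userspace program actually gets from read() on each kind of interface: a bare IP packet from a TUN device opened with IFF_NO_PI, a 4-byte tun_pi header plus IP without IFF_NO_PI, a full Ethernet frame from a TAP device, and the same packet inside RFC 1661/1662 PPP framing as PPTP/L2TP carry it. The ioctl constants are assumed from <linux/if_tun.h>, the PPP bytes from the RFCs, and the MAC and IP addresses are made up; `open_tun_tap` is the only part that touches the kernel, needs Linux and CAP_NET_ADMIN, and is not exercised by the sample run. What /dev/ppp itself hands to userspace is a separate kernel interface and is deliberately not modelled.

```python
"""Dissect what a userspace program reads from TUN, TAP and PPP framings of one IP packet.

Added example for this Q&A; constants assumed from <linux/if_tun.h>, RFC 1661/1662 and
IEEE 802.3. Sample addresses and payload below are constructed, not captured.
"""
import ipaddress
import struct

TUNSETIFF = 0x400454CA          # <linux/if_tun.h>, assumed
IFF_TUN = 0x0001
IFF_TAP = 0x0002
IFF_NO_PI = 0x1000              # omit the 4-byte struct tun_pi on read/write
ETH_P_IP = 0x0800               # EtherType for IPv4; also used in tun_pi.proto
PPP_PROTO_IP = 0x0021           # PPP protocol number for IPv4 (RFC 1661)
PPP_ADDR_CTRL = b"\xff\x03"     # HDLC-like address/control bytes (RFC 1662)


def open_tun_tap(name, tap=False, no_pi=True):
    """Attach to /dev/net/tun as TUN (layer 3) or TAP (layer 2). Linux + CAP_NET_ADMIN."""
    import fcntl  # POSIX-only; imported here so the pure parsers below run anywhere
    flags = (IFF_TAP if tap else IFF_TUN) | (IFF_NO_PI if no_pi else 0)
    fd = open("/dev/net/tun", "r+b", buffering=0)
    ifr = struct.pack("16sH22x", name.encode(), flags)   # struct ifreq is 40 bytes
    ifr = fcntl.ioctl(fd, TUNSETIFF, ifr)                # kernel fills in the final name
    return fd, ifr[:16].split(b"\0", 1)[0].decode()


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum; returns 0 when run over a header with a valid checksum."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, payload, proto=17):
    """Minimal IPv4 header (no options) + payload; only used to construct the samples."""
    src_b, dst_b = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64, proto, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]  # checksum lives at offset 10
    return hdr + payload


def parse_ipv4(pkt):
    """Layer 3 view: exactly what read() on a TUN fd (IFF_NO_PI) hands you."""
    vihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 packet (version nibble %d)" % (vihl >> 4))
    ihl = (vihl & 0x0F) * 4
    return {"layer": 3, "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "protocol": proto, "ttl": ttl, "total_length": total_len,
            "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0}


def parse_tun_read(buf, no_pi=True):
    """TUN read(): bare IP packet, or struct tun_pi {u16 flags; be16 proto;} followed by it."""
    if no_pi:
        return parse_ipv4(buf)
    flags = struct.unpack_from("=H", buf, 0)[0]   # tun_pi.flags is in host byte order
    proto = struct.unpack_from("!H", buf, 2)[0]   # tun_pi.proto is an EtherType, network order
    if proto != ETH_P_IP:
        raise ValueError("unexpected tun_pi.proto 0x%04x" % proto)
    result = parse_ipv4(buf[4:])
    result["pi_flags"] = flags
    return result


def parse_tap_read(frame):
    """TAP read(): a whole Ethernet frame; the IP packet only starts 14 bytes in."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_IP:
        raise ValueError("not an IPv4 frame (EtherType 0x%04x)" % ethertype)
    return {"layer": 2, "dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"),
            "ethertype": ethertype, "ip": parse_ipv4(frame[14:])}


def parse_ppp_frame(frame):
    """PPP framing (RFC 1661/1662) as PPTP/L2TP carry it: FF 03 00 21 then the IP packet."""
    if frame[:2] != PPP_ADDR_CTRL:
        raise ValueError("missing HDLC address/control bytes")
    proto = struct.unpack("!H", frame[2:4])[0]
    if proto != PPP_PROTO_IP:
        raise ValueError("PPP protocol 0x%04x is not IPv4" % proto)
    return {"layer": 2, "ppp_protocol": proto, "ip": parse_ipv4(frame[4:])}


# Constructed sample: one UDP/IPv4 packet (8-byte UDP header + "hello"), wrapped three ways.
SAMPLE_IP = build_ipv4("10.8.0.2", "10.8.0.1", b"\x00\x35\x00\x35\x00\x0d\x00\x00hello")
SAMPLE_TUN_PI = struct.pack("=H", 0) + struct.pack("!H", ETH_P_IP) + SAMPLE_IP
SAMPLE_TAP = bytes.fromhex("0242ac110001") + bytes.fromhex("0242ac110002") + struct.pack("!H", ETH_P_IP) + SAMPLE_IP
SAMPLE_PPP = PPP_ADDR_CTRL + struct.pack("!H", PPP_PROTO_IP) + SAMPLE_IP


def inner_ip_views():
    """Parse the same packet as each interface presents it; the inner IP view is identical."""
    tun = parse_tun_read(SAMPLE_IP)
    tun_pi = parse_tun_read(SAMPLE_TUN_PI, no_pi=False)
    tun_pi.pop("pi_flags")
    return tun, tun_pi, parse_tap_read(SAMPLE_TAP)["ip"], parse_ppp_frame(SAMPLE_PPP)["ip"]


if __name__ == "__main__":
    for name, view in zip(("tun", "tun+pi", "tap", "ppp"), inner_ip_views()):
        print("%-7s %s -> %s proto %d" % (name, view["src"], view["dst"], view["protocol"]))
```

Feeding a TAP frame to the TUN parser fails on the version nibble, and feeding a bare IP packet to the TAP parser fails on the EtherType: a program written against one framing does not accidentally work against another, which is the practical form of the answers' point that tun/tap and ppp are not interchangeable back ends.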