tunnel device for Mac OS X

News: Mattias Nissler wrote another tunnel driver for Mac OS X. His driver supports both tun and tap interfaces. [website]

Important: I am no longer able to work on the tunnel driver. I'm still looking for a new maintainer. If you send me e-mail with questions about the tunnel driver, don't expect an answer. Sorry.

The tunnel kernel extension provides the interfaces necessary for running certain VPNs and network tunneling programs on Mac OS X. Examples for such programs include VTun, OpenVPN, and various PPTP implementations. While the so-called tun driver is standard on the BSD line of operating systems and the source code is actually present in the Darwin source code repository, Apple doesn't build it into the Mac OS X kernels.

This code is based on the FreeBSD tun driver, originally written by Julian Onions. It was ported to Mac OS X 10.0 by Stefan Arentz and later adapted to Mac OS X 10.1 and 10.2 by Christoph Pfisterer.

Known Problems

Unloading the kernel extension (with kextunload) can cause a kernel crash. In Mac OS X 10.1, you'll get a "kernel panic" message on the screen with some diagnostic data. Mac OS X 10.2 will just tell you that "you need to restart your computer", in several languages. Anyway, this problem affects all versions of the driver and so far noone was able to track it down. Only unload the extension if you absolutely must.

Mac OS X 10.2 and up will complain about security if the files of the kernel extension are owned by your user account. Apparently, the "Fix and Use" option in the dialog box sometimes doesn't work. This can be fixed manually by running sudo chown -R root:wheel tunnel.kext and sudo chmod -R go-w tunnel.kext.

This kernel extension only provides a "tun" interface, not a "tap" interface. Early versions of OpenVPN for Windows only provided a "tap" driver, so communication between the two platforms was impossible. Current versions of OpenVPN for Windows include a "tun" driver (to my knowledge, at least).

There seem to be issues with Mac OS X 10.2.6 and later. I'm working on this. As a temporary workaround, you can download the source code and compile it on your machine.

Files for Mac OS X 10.3

I don't have 10.3 (a.k.a. Panther) yet, but Adam Kramer was able to compile version 1.2.1 on 10.3. Here is his tarball:

Files for Mac OS X 10.2

The new version 1.2.1 contains a fix (contributed by Olivier Chéron) that should allow it to work with OpenVPN again. A startup item is now also included. Instructions are inside the tarballs.

Files for Mac OS X 10.1

For the unlucky souls still running Mac OS X 10.1, here is tunnel version 1.1.0. It is known to work with VTun and OpenVPN, save the unloading problem. Instructions are inside the tarballs.

Feb 10, 2005 Copyright © 2002-2011 Christoph Pfisterer