The other deployment model for OpenVPN is a single server with multiple remote clients capable of routing Ethernet traffic. We refer to this deployment model as client/server mode with tap devices.

The main difference between tun and tap mode is the type of adapter used. A tap adapter provides a full virtual Ethernet (layer 2) interface, whereas a tun adapter is seen as a point-to-point (layer 3) adapter by most operating systems. Computers connected using (virtual) Ethernet adapters can form a single broadcast domain, which is needed for certain applications. With point-to-point adapters, this is not possible. Also, note that not all operating systems support tap adapters. For example, both iOS and ...