TAP vs TUN VPN

There are two types of VPN configuration you can use when setting one up: TAP and TUN. TAP is derived from “to TAP into” something, and TUN is an abbreviation for TUNnel. Which configuration to go with depends on your use case. Let’s explore the differences.

TAP

TAP operates at OSI Layer 2. A TAP configuration simulates a physical Ethernet adapter on the target LAN and bridges the two networks together. TAP allows you to see all devices (computers, printers, TVs) on the network, as if you were on the LAN in person. While TAP may seem like the ideal choice, a lot of broadcast packets will congest the connection, and it is more complex to set up. An example use case would be managing a network remotely. You can set up a TAP VPN with OpenVPN.

TUN

TUN operates at OSI Layer 3. This configuration allows you to pass routable traffic over the VPN. It does not allow you to see devices on the LAN, but it does allow you to see devices connected to the VPN server. Another way to think of it is that TUN provides access to a single IP address on the LAN, and provides access to the internet from that location. Since TUN does not provide the capabilities of a TAP configuration, the congestion and network overhead are lower. This could potentially make for a faster VPN than TAP. An example use case would be accessing Netflix content in another country. You can set up a TUN VPN with WireGuard or OpenVPN.
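The Layer 2 versus Layer 3 difference from the TAP and TUN sections, as an added example that is not part of the original article: it parses what a TAP interface hands you (a full Ethernet frame) and what a TUN interface hands you (a bare IPv4 packet), and shows which frames a routed link would carry. The function names and sample frames are constructed for illustration, and as a simplification only unicast IPv4 is treated as routable.

```python
import ipaddress
import struct

BROADCAST_MAC = b"\xff" * 6
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def mac(raw):
    return ":".join(f"{octet:02x}" for octet in raw)

def parse_tap_frame(frame):
    """Layer 2: a TAP device delivers Ethernet frames (MACs + EtherType)."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac(dst), "src": mac(src),
            "type": ETHERTYPES.get(ethertype, hex(ethertype)),
            "broadcast": dst == BROADCAST_MAC, "payload": frame[14:]}

def parse_tun_packet(packet):
    """Layer 3: a TUN device delivers bare IP packets, no Ethernet header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    src, dst = struct.unpack("!4s4s", packet[12:20])
    return {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)), "proto": packet[9]}

def routed_view(frame):
    """Return the IPv4 packet a routed (TUN) link would carry, else None."""
    parsed = parse_tap_frame(frame)
    if parsed["broadcast"] or parsed["type"] != "IPv4":
        return None  # ARP and LAN broadcasts stay on the Layer 2 segment
    return parse_tun_packet(parsed["payload"])

# Constructed sample frames (not captured traffic; IP checksum left as zero).
ARP_WHO_HAS = (BROADCAST_MAC + bytes.fromhex("020000000001") + b"\x08\x06"
               + bytes.fromhex("0001080006040001")
               + bytes.fromhex("020000000001") + bytes([192, 168, 1, 10])
               + bytes(6) + bytes([192, 168, 1, 1]))
IPV4_HEADER = (bytes.fromhex("450000140000400040060000")
               + bytes([192, 168, 1, 10]) + bytes([10, 8, 0, 1]))
UNICAST_IP = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
              + b"\x08\x00" + IPV4_HEADER)

if __name__ == "__main__":
    for name, frame in (("ARP who-has", ARP_WHO_HAS), ("unicast IPv4", UNICAST_IP)):
        print(name, "| TAP sees:", parse_tap_frame(frame)["type"],
              "| TUN carries:", routed_view(frame))
```

The ARP broadcast is visible on the bridged (TAP) side but has no Layer 3 form to route, which is the broadcast traffic the TAP section describes and the reason LAN devices are not discoverable over TUN.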