支持M1 的TUN/TAP驱动集成

[happyntec]

有三种情况需要处理:

1. <macos11的Intel版本MacOS；直接安装即可
2. >=macos11 的Intel版本MacOS；需要开放权限；参考
3. >=macos11 的M1 MacOS；需要重启进入Recovery模式开放第三方的Kext载入权限，参考

参考文档: https://support.apple.com/zh-cn/guide/security/sec8e454101b/web

[happyntec]

如果在没有权限的情况下手工载入驱动会报如下错误:

kextload /Library/Extensions/tap.kext

Error Domain=KMErrorDomain Code=71 "Insufficient permissions for action: Unable to load 'com.apple.driver.AppleMobileDevice' in unprivileged request." UserInfo={NSLocalizedDescription=Insufficient permissions for action: Unable to load 'com.apple.driver.AppleMobileDevice' in unprivileged request.}
m1@173c096d-beff-4ed8-8fbb-e60fa8416af4 happynmacos % sudo kextload /Library/Extensions/tap.kext
Error Domain=KMErrorDomain Code=27 "Extension with identifiers com.apple.nke.rvi,net.tunnelblick.tun,net.tunnelblick.tap not approved to load. Please approve using System Preferences." UserInfo={NSLocalizedDescription=Extension with identifiers com.apple.nke.rvi,net.tunnelblick.tun,net.tunnelblick.tap not approved to load. Please approve using System Preferences.}

m1@happyn ~ % sudo kextload /Library/Extensions/tunnelblick-tap.kext
Password:
Executing: /usr/bin/kmutil load -p /Library/Extensions/tunnelblick-tap.kext
Error Domain=KMErrorDomain Code=27 "Extension with identifiers net.tunnelblick.tap,com.apple.nke.rvi,net.tunnelblick.tun not approved to load. Please approve using System Preferences." UserInfo={NSLocalizedDescription=Extension with identifiers net.tunnelblick.tap,com.apple.nke.rvi,net.tunnelblick.tun not approved to load. Please approve using System Preferences.}

[happyntec]

原生的M1 MacOS12，默认硬件配置为:

m1@173c096d-beff-4ed8-8fbb-e60fa8416af4 ~ % ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
anpi1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether d6:db:e9:ed:65:ca
        inet6 fe80::d4db:e9ff:feed:65ca%anpi1 prefixlen 64 scopeid 0x4
        nd6 options=201<PERFORMNUD,DAD>
        media: none
        status: inactive
anpi0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether d6:db:e9:ed:65:c9
        inet6 fe80::d4db:e9ff:feed:65c9%anpi0 prefixlen 64 scopeid 0x5
        nd6 options=201<PERFORMNUD,DAD>
        media: none
        status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
        ether 14:98:77:39:81:6d
        inet6 fe80::1698:77ff:fe39:816d%en0 prefixlen 64 scopeid 0x6
        inet6 2001:bc8:a01:3:1698:77ff:fe39:816d prefixlen 64 autoconf
        inet 51.159.120.148 netmask 0xffffff00 broadcast 51.159.120.255
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect (1000baseT <full-duplex>)
        status: active
en4: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether d6:db:e9:ed:65:a9
        nd6 options=201<PERFORMNUD,DAD>
        media: none
        status: inactive

en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether d6:db:e9:ed:65:aa
        nd6 options=201<PERFORMNUD,DAD>
        media: none
        status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=460<TSO4,TSO6,CHANNEL_IO>
        ether 36:98:34:dd:f5:00
        media: autoselect <full-duplex>
        status: inactive
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=460<TSO4,TSO6,CHANNEL_IO>
        ether 36:98:34:dd:f5:04
        media: autoselect <full-duplex>
        status: inactive
ap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether 36:98:77:44:2f:b3
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
        ether 14:98:77:44:2f:b3
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: inactive
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=400<CHANNEL_IO>
        ether 16:99:f6:dd:b3:9c
        nd6 options=201<PERFORMNUD,DAD>
        media: autoselect
        status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=63<RXCSUM,TXCSUM,TSO4,TSO6>
        ether 36:98:34:dd:f5:00
        Configuration:
                id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
                maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
                root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
                ipfilter disabled flags 0x0
        member: en2 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 9 priority 0 path cost 0
        member: en3 flags=3<LEARNING,DISCOVER>
                ifmaxaddr 0 port 10 priority 0 path cost 0
        nd6 options=201<PERFORMNUD,DAD>
        media: <unknown type>

utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
        inet6 fe80::543d:2b52:4b4c:418e%utun0 prefixlen 64 scopeid 0xf
        nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
        inet6 fe80::1caa:ad97:c92e:a2f9%utun1 prefixlen 64 scopeid 0x10
        nd6 options=201<PERFORMNUD,DAD>
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1000
        inet6 fe80::ce81:b1c:bd2c:69e%utun2 prefixlen 64 scopeid 0x11
        nd6 options=201<PERFORMNUD,DAD>

[happyntec]

默认权限截图为: