He all.
According to
https://tunnelblick.net/cBigSur.html
> CAN'T FIX: Tunnelblick's Tun and Tap system extensions do not load.
>
> If your configuration requires a Tun or Tap system extension, connecting to your VPN will fail if an appropriate system extension is not loaded.
>
> macOS Big Sur 11.0.1 does not allow Tunnelblick to load its Tun or Tap system extensions. Apple says that as a workaround "during development" one can temporarily disable System Integrity Protection to allow these system extensions to load when logged in as an Admin user. This workaround may not work in a future version or update of Big Sur — see The Future of Tun and Tap VPNs on macOS.
>
> Note: If you are using a Tun VPN, you can modify your OpenVPN configuration file so it will work without the "Tun" system extension. See The Future of Tun and Tap VPNs on macOS.
>
> FEATURE: Tunnelblick disables loading of Tun and Tap system extensions.
>
> This is actually, really, truly a feature, not a bug!
>
> When running on macOS Big Sur, Tunnelblick forces the settings on Tunnelblick's "Advanced" settings window to "never load" system extensions. You can override that behavior and allow the settings to act normally, which is useful if you have disabled SIP and/or your version of Big Sur allows Tunnelblick to load the system extensions. You can override the behavior by executing the following command in Terminal:
>
> defaults write net.tunnelblick.tunnelblick bigSurCanLoadKexts -bool yes
I has the latest stable version of tunnelblick 3.8.4a.
As I can understand due to BigSur 11.0.1 prevent to load a tap device when SIP is turned on you force to disable UI option for loading such device.
But this is not true by now. I has BigSur 11.1 (updated yesterday), SIP (
prof $ csrutil status
System Integrity Protection status: enabled.
) and after manually enabling "defaults write net.tunnelblick.tunnelblick bigSurCanLoadKexts -bool yes" the device was loaded
225 0 0xffffff7fa236e000 0x6000 0x6000 net.tunnelblick.tun (5300.3) 64C5EF5F-74D9-300D-BE27-724B8A88EFB9 <8 6 5 1>
226 0 0xffffff7fa2367000 0x6000 0x6000 net.tunnelblick.tap (5300.3) 7CADB84E-01B1-3CD4-8FE3-CA4D2BE6C67E <8 6 5 1>
So, IMHO, disabling the devices in the UI was wrong decision, it is working finely. I suppose "Apple says that as a workaround during development" already done in the BigSur 11.1. So, please, return this option back. :)
--
С уважением,
Самойлов Олег
Ведущий разработчик отдела развития инфраструктуры, ООО «ЦНС»
https://www.domclick.ru