Tunnelblick loads and unloads its kexts dynamically as it connect and disconnects VPNs, so it won't create a tap0 for you to use unless you can use "simh" while a VPN is connected.
However, you can load and unload Tunnelblick's kexts using a command included in Tunnelblick. Tunnelblick's kexts are signed and notarized, so they can be used on all recent versions of macOS.
You don't need to be running Tunnelblick to load a kext, but you need to have installed Tunnelblick (once). Installing Tunnelblick will install its "daemon" (tunnelblickd), which allows non-privileged users to perform certain privileged operations.
After installing Tunnelblick, you can load a tap kext with the following command in Terminal (or a script):
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart loadKexts 2
(The "2" is a bitmask consisting of a "1" in bit 1, which indicates a tap kext should be loaded.)
The command to unload a tap kext is similar:
/Applications/Tunnelblick.app/Contents/Resources/openvpnstart unloadKexts 2
Notes:
- These commands load and unload tap0...tap15.
- The unload command always tries to unload "foo.tap", which will fail; you can simply ignore that error.
- The "openvpnstart" command is used to interface with tunnelblickd,
- Recent versions of macOS require additional user input the first time a kext is loaded; see Tunnelblick on macOS High Sierra and macOS Mojave, Tunnelblick on macOS Catalina, or Tunnelblick on macOS Big Sur.
- To load or unload Tunnelblick's tun kext, replace the "2" in the commands with a "1". Note that there are no known circumstances when this needs to be done; the macOS "utun" device driver included in macOS 10.6.8 and higher should be used instead.