The MacOS one must be a userland implementation because if it required kernel modules, it wouldn't be able to be in the App Store. The only way to implement a VPN on the App Store is to use the higher level APIs, as far as I know.

The Linux one may be "superior" in that it's able to process packets faster, but the resulting user experience is quite different. If you have multiple VPN apps, even including userspace ones like OpenVPN, the likelihood of all of them reliably handling host OS interactions cleanly with regular usage over time drops. They have to do the same kinds of things in that Tunnelblick script I linked.

> "The Linux one may be "superior" in that it's able to process packets faster, but the resulting user experience is quite different."

"Process packets faster" is one way of looking at it. Better battery life is another way of framing it less dismissively.

(OpenVPN sucks and I don't really see how it's relevant to the discussion.)