In processing systems, kernel space is conventionally strictly reserved for running a privileged operating system kernel, kernel extensions, and most device drivers. In contrast, user space is the memory area where application software and some drivers execute. Each user space process normally runs in its own virtual memory space and, unless explicitly allowed, cannot access the memory of other processes. This is the basis for memory protection in modern operating systems, and a building block for privilege separation.
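The isolation rule above, and its "unless explicitly allowed" exception, can be observed directly on a POSIX system. The following C program is an added illustration, not part of the original text; the function name `value_seen_by_parent` and the constants are hypothetical, and it assumes Linux-style anonymous `mmap` support.

```c
#define _DEFAULT_SOURCE          /* exposes MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define PARENT_VALUE 1111        /* constructed sample values */
#define CHILD_VALUE  2222

/* Map one int, fork, let the child overwrite it at the same virtual
 * address, and return what the parent reads afterwards.
 * sharing_flag is MAP_PRIVATE (default isolation) or MAP_SHARED
 * (sharing explicitly requested). Returns -1 on any failure. */
static int value_seen_by_parent(int sharing_flag)
{
    int *cell = mmap(NULL, sizeof *cell, PROT_READ | PROT_WRITE,
                     sharing_flag | MAP_ANONYMOUS, -1, 0);
    if (cell == MAP_FAILED)
        return -1;
    *cell = PARENT_VALUE;

    pid_t pid = fork();
    if (pid < 0) {
        munmap(cell, sizeof *cell);
        return -1;
    }
    if (pid == 0) {              /* child process: its own address space */
        *cell = CHILD_VALUE;
        _exit(0);
    }

    int status = 0;
    int seen = -1;
    if (waitpid(pid, &status, 0) == pid &&
        WIFEXITED(status) && WEXITSTATUS(status) == 0)
        seen = *cell;            /* read only after the child has finished */
    munmap(cell, sizeof *cell);
    return seen;
}

int main(void)
{
    printf("private mapping: parent reads %d\n", value_seen_by_parent(MAP_PRIVATE));
    printf("shared mapping:  parent reads %d\n", value_seen_by_parent(MAP_SHARED));
    return 0;
}
```

With the private mapping the child's write lands in its own copy of the page and the parent's value is unchanged; only the mapping created with `MAP_SHARED` lets the write cross the process boundary.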
Conventionally, virtual private network (VPN) implementations reside exclusively in either user space or kernel space. Conventional implementations such as Secure Sockets Layer (SSL), Transport Layer Security (TLS), VPNs and OpenVPN typically reside in user space. Other conventional implementations such as Internet Protocol Security (IPsec) and Layer Two Tunneling Protocol (L2TP) run exclusively in kernel space.
Because operating systems restrict operations in kernel space, secure communications are easier to implement in user space. However, user space has only limited access to the resources available in kernel space, which hampers efficient operation.