Is an SSH jump server a VPN (or forwarding a port from another machine at VPN)? I'd suggest neither are because it's connection-based rather than setting up a network (with routing etc). Absent a network, it's a proxy (which can be used like some deployments of a VPN).
I see your point, but I think that might label many uses of wireguard in tailscale "not a VPN" because they use imaginary network devices that only exist inside the tailscale process. Saying that would feel very wrong. On the other hand if process internals can be the deciding factor, then optimizing the code one way or the other could change whether a system is "VPN" or "not a VPN" even though it looks exactly the same from the outside. That doesn't feel great either.
And do we even know if Opera uses internal network addresses for its "VPN"?
I think I'm willing to say that routing all internet traffic from a program through a tunnel can be called either a VPN or a proxy.
I'm not up-to-date with the internals of tailscale, but my impression was they run additional services on top of the actual VPN (that is their "value-add" to wireguard), some of which are actual proxies, which hence blur that line in the minds of users (along with some so-called "VPN" providers who are just providing proxies).
In the modes I'm talking about, there's a real wireguard VPN that your local tailscale process is participating in. But instead of attaching it to a TAP device, there's a whole virtual networking stack inside the tailscale process.
You could treat it like running a normal VPN app inside a virtual machine. Surely that's still be a VPN, or the distinction gets weird. But if we do agree it's a VPN, a couple examples based on this one will force the distinction to get weird anyway. The line of VPN or not is surprisingly blurry.
Really none of these VPNs are VPNs either since they don't establish a virtual private network. They are just tunnels for your internet access. Tailscale is actual VPN software. It simulates a private network.
