Running as non-root user

There are two ways that OpenConnect can run without root privileges. The first is that it can use a tun device which is created and configured in advance by the root user, and set to be owned by the user who runs OpenConnect. NetworkManager uses OpenConnect in this mode.

The second is that it can avoid using the tun device altogether and instead spawn a user-supplied program, passing all data traffic through a UNIX socket to that program. This latter option can be used in conjunction with a userspace TCP stack such as lwip to provide SOCKS access to the VPN without giving full access to all untrusted users and processes on the computer, and without requiring root privileges at all. ocproxy is one such implementation.