I have a site-2-site openvpn configuratoin (routed). There's no problem to have vpn by starting openvpn on server and client as root. But as a normal user, upon running "openvpn client.conf", it failed to start a vpn to server and the following error messages appeared:

Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Cannot allocate TUN/TAP dev dynamically
/dev/net/tun is owned by "root" but "rw" to all.

I guess normal user should have access to run openvpn whenever he/she feels necessary. So, what is wrong and is there any security issue with this?