diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index 028ce05..7851da7 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -31,7 +31,7 @@ allow vpnc_t self:udp_socket create_socket_perms;
 allow vpnc_t self:rawip_socket create_socket_perms;
 allow vpnc_t self:unix_dgram_socket create_socket_perms;
 allow vpnc_t self:unix_stream_socket create_socket_perms;
-allow vpnc_t self:tun_socket create;
+allow vpnc_t self:tun_socket  { create_socket_perms };
 # cjp: this needs to be fixed
 allow vpnc_t self:socket create_socket_perms;
 
@@ -46,6 +46,7 @@ files_pid_filetrans(vpnc_t, vpnc_var_run_t, { file dir})
 kernel_read_system_state(vpnc_t)
 kernel_read_network_state(vpnc_t)
 kernel_read_all_sysctls(vpnc_t)
+kernel_request_load_module(vpnc_t)
 kernel_rw_net_sysctls(vpnc_t)
 
 corenet_all_recvfrom_unlabeled(vpnc_t)
@@ -115,3 +116,7 @@ optional_policy(`
 		networkmanager_dbus_chat(vpnc_t)
 	')
 ')
+
+optional_policy(`
+	networkmanager_attach_tun_iface(vpnc_t)
+')