diff --git a/policy/modules/admin/vpn.if b/policy/modules/admin/vpn.if
index b5272fb1..ccda6e4c 100644
--- a/policy/modules/admin/vpn.if
+++ b/policy/modules/admin/vpn.if
@@ -110,7 +110,7 @@ interface(`vpn_signull',`
##
##
#
-interface(`vpnc_dbus_chat',`
+interface(`vpn_dbus_chat',`
gen_require(`
type vpnc_t;
class dbus send_msg;
@@ -119,3 +119,21 @@ interface(`vpnc_dbus_chat',`
allow $1 vpnc_t:dbus send_msg;
allow vpnc_t $1:dbus send_msg;
')
+
+########################################
+##
+## Relabelfrom from vpnc socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`vpn_relabelfrom_tun_socket',`
+ gen_require(`
+ type vpnc_t;
+ ')
+
+ allow $1 vpnc_t:tun_socket relabelfrom;
+')
diff --git a/policy/modules/admin/vpn.te b/policy/modules/admin/vpn.te
index 796ad452..0468e74d 100644
--- a/policy/modules/admin/vpn.te
+++ b/policy/modules/admin/vpn.te
@@ -30,7 +30,7 @@ allow vpnc_t self:udp_socket create_socket_perms;
allow vpnc_t self:rawip_socket create_socket_perms;
allow vpnc_t self:unix_dgram_socket create_socket_perms;
allow vpnc_t self:unix_stream_socket create_socket_perms;
-allow vpnc_t self:tun_socket create_socket_perms;
+allow vpnc_t self:tun_socket { create_socket_perms relabelfrom };
# cjp: this needs to be fixed
allow vpnc_t self:socket create_socket_perms;