gpclient as cli needs to run as root

[hack-hard]

Describe the bug
when running gpclient we get
Failed to bind local tun device (TUNSETIFF): Operation not permitted
[2025-05-28T09:28:05Z WARN openconnect::ffi] To configure local networking, openconnect must be running as root

running as root fixes the problem

Expected behavior
the gui does not need root access, the cli shoudn't

Screenshots
If applicable, add screenshots to help explain your problem.

Logs

• For the GUI version, you can find the logs at ~/.local/share/gpclient/gpclient.log
• For the CLI version, copy the output of the gpclient command.

Environment:

• OS: arch
• Desktop Environment: kde
• Is remote SSH? no

Additional context
Add any other context about the problem here.

[yuezk]

The reason the GUI doesn't require a sudo command is that we have predefined a polkit policy for it. It still using sudo under the hood.

GlobalProtect-openconnect/packaging/files/usr/share/polkit-1/actions/com.yuezk.gpgui.policy

Lines 1 to 18 in ea9819d

	<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE policyconfig PUBLIC "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN" "http://www.freedesktop.org/standards/PolicyKit/1/policyconfig.dtd">
	<policyconfig>
	<vendor>The GlobalProtect-openconnect Project</vendor>
	<vendor_url>https://github.com/yuezk/GlobalProtect-openconnect</vendor_url>
	<icon_name>gpgui</icon_name>
	<action id="com.yuezk.gpgui.service">
	<description>Run GPService as root</description>
	<message>Authentication is required to run the GPService as root</message>
	<defaults>
	<allow_any>auth_admin</allow_any>
	<allow_inactive>auth_admin</allow_inactive>
	<allow_active>yes</allow_active>
	</defaults>
	<annotate key="org.freedesktop.policykit.exec.path">/usr/bin/gpservice</annotate>
	<annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>
	</action>
	</policyconfig>