All users belonging to the primary group users created by root can use VPN client. By default, all users belong to this group.
If users is not the primary group of those users who require VPN access, non-root access can be allowed by doing the following:
Log in as root.
Open the racoon.conf file (/etc/racoon/racoon.conf).
Replace users with the name of the group that requires VPN access.
Restart IKE by entering the following:
/etc/init.d/racoon restart
The root cannot allow multiple groups to use VPN client. So, if a new group is permitted by modifying the racoon.conf, only users belonging to that group can access VPN.