-RemainAfterExit=yes
-ExecStartPre=/usr/bin/dbus-send --system --dest=net.netconfig / net.netconfig.auto.activate
-ExecStart=/usr/sbin/connmand --noplugin vpn
-CapabilityBoundingSet=~CAP_MAC_ADMIN
-CapabilityBoundingSet=~CAP_MAC_OVERRIDE
+Restart=on-failure
+SmackProcessLabel=System
+ExecStart=@bindir@/connmand -n --nobacktrace --noplugin vpn
+StandardOutput=null
+Capabilities=cap_setgid,cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_override=i
+SecureBits=keep-caps