[Service]
Type=dbus
-BusName=net.connman.vpn
-SmackProcessLabel=System
-ExecStart=@sbindir@/connman-vpnd -n
User=network_fw
Group=network_fw
+BusName=net.connman.vpn
+SmackProcessLabel=System
+ExecStart=@bindir@/connman-vpnd -n
StandardOutput=null
+Capabilities=cap_net_admin,cap_net_bind_service,cap_net_broadcast,cap_net_raw,cap_dac_override=i
+SecureBits=keep-caps
+ProtectHome=read-only
+ProtectSystem=full
[Install]
WantedBy=multi-user.target