testing: Converted swanctl to systemd

2017-11-10 17:21:40 +01:00 · 2017-11-10 17:21:40 +01:00 · 70dc5bb8ad
parent 65f74cd13d
commit 70dc5bb8ad
181 changed files with 1170 additions and 849 deletions
--- a/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/carol/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/dave/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/config-payload/hosts/moon/etc/strongswan.conf
@ -1,15 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds
+    daemon {
-    pools = /usr/local/sbin/swanctl --load-pools 
+      default = 1
-    conns = /usr/local/sbin/swanctl --load-conns
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/config-payload/posttest.dat
+++ b/testing/tests/swanctl/config-payload/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home
 dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/config-payload/pretest.dat
+++ b/testing/tests/swanctl/config-payload/pretest.dat
@ -2,9 +2,9 @@ moon::iptables-restore < /etc/iptables.rules
 carol::iptables-restore < /etc/iptables.rules
 dave::iptables-restore < /etc/iptables.rules
 moon::cat /etc/swanctl/swanctl_base.conf
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw-carol
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/crl-to-cache/hosts/carol/etc/strongswan.conf
@ -1,16 +1,19 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
-
+    auth {
      default = 0
    }
  }
  cache_crls = yes
 }
--- a/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/crl-to-cache/hosts/moon/etc/strongswan.conf
@ -1,16 +1,19 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 gmp x509 curl revocation hmac kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
-
+    auth {
      default = 0
    }
  }
  cache_crls = yes
 }
--- a/testing/tests/swanctl/crl-to-cache/posttest.dat
+++ b/testing/tests/swanctl/crl-to-cache/posttest.dat
@ -1,4 +1,4 @@
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 moon::rm /etc/swanctl/x509crl/*
 carol::rm /etc/swanctl/x509crl/*
--- a/testing/tests/swanctl/crl-to-cache/pretest.dat
+++ b/testing/tests/swanctl/crl-to-cache/pretest.dat
@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/carol/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/dave/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce sha1 sha2 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-  start-scripts {
+   syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/dhcp-dynamic/hosts/moon/etc/strongswan.conf
@ -4,14 +4,17 @@ swanctl {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown attr farp dhcp
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
    }
    auth {
      default = 0
    }
  }
  plugins {
    dhcp {
      server = 10.1.255.255
--- a/testing/tests/swanctl/dhcp-dynamic/posttest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home
 dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 venus::cat /var/state/dhcp/dhcpd.leases
 venus::server isc-dhcp-server stop 2> /dev/null
 moon::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/dhcp-dynamic/pretest.dat
+++ b/testing/tests/swanctl/dhcp-dynamic/pretest.dat
@ -3,9 +3,9 @@ carol::iptables-restore < /etc/iptables.rules
 dave::iptables-restore < /etc/iptables.rules
 venus::cat /etc/dhcp/dhcpd.conf
 venus::service isc-dhcp-server start 2> /dev/null
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/carol/etc/strongswan.conf
@ -1,16 +1,20 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
  fragment_size = 1400
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/dave/etc/strongswan.conf
@ -1,16 +1,20 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
  fragment_size = 1400
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv4/hosts/moon/etc/strongswan.conf
@ -1,16 +1,20 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
  fragment_size = 1400
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/frags-ipv4/posttest.dat
+++ b/testing/tests/swanctl/frags-ipv4/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home 2> /dev/null
 dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/frags-ipv4/pretest.dat
+++ b/testing/tests/swanctl/frags-ipv4/pretest.dat
@ -1,9 +1,9 @@
 moon::iptables-restore < /etc/iptables.rules
 carol::iptables-restore < /etc/iptables.rules
 dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/carol/etc/strongswan.conf
@ -1,17 +1,20 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
  fragment_size = 1400
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-    auth  = /usr/local/sbin/swanctl --load-authorities
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/dave/etc/strongswan.conf
@ -1,17 +1,20 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
  fragment_size = 1400
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-    auth  = /usr/local/sbin/swanctl --load-authorities
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/frags-ipv6/hosts/moon/etc/strongswan.conf
@ -1,17 +1,20 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default updown vici
  fragment_size = 1400
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-    auth  = /usr/local/sbin/swanctl --load-authorities
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/frags-ipv6/posttest.dat
+++ b/testing/tests/swanctl/frags-ipv6/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home 2> /dev/null
 dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/frags-ipv6/pretest.dat
+++ b/testing/tests/swanctl/frags-ipv6/pretest.dat
@ -7,9 +7,9 @@ dave::ip6tables-restore < /etc/ip6tables.rules
 alice::"ip route add fec0:\:/16 via fec1:\:1"
 carol::"ip route add fec1:\:/16 via fec0:\:1"
 dave::"ip route add fec1:\:/16 via fec0:\:1"
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/carol/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/dave/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default resolve updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool-db/hosts/moon/etc/strongswan.conf
@ -1,17 +1,20 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown sqlite attr-sql vici
  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds 
    conns = /usr/local/sbin/swanctl --load-conns
  } 
  syslog {
    daemon {
      default = 1
    }
    auth {
      default = 0
    }
  }
  plugins {
    attr-sql {
      database = sqlite:///etc/db.d/ipsec.db
@ -21,4 +24,5 @@ charon {
 pool {
  load = sqlite
  database = sqlite:///etc/db.d/ipsec.db
 }
--- a/testing/tests/swanctl/ip-pool-db/posttest.dat
+++ b/testing/tests/swanctl/ip-pool-db/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home
 dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/ip-pool-db/pretest.dat
+++ b/testing/tests/swanctl/ip-pool-db/pretest.dat
@ -7,9 +7,9 @@ moon::ipsec pool --addattr nbns --server PH_IP_VENUS 2> /dev/null
 moon::iptables-restore < /etc/iptables.rules
 carol::iptables-restore < /etc/iptables.rules
 dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/carol/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/dave/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ip-pool/hosts/moon/etc/strongswan.conf
@ -1,15 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds
+    daemon {
-    pools = /usr/local/sbin/swanctl --load-pools 
+      default = 1
-    conns = /usr/local/sbin/swanctl --load-conns
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ip-pool/posttest.dat
+++ b/testing/tests/swanctl/ip-pool/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home
 dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
 dave::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/ip-pool/pretest.dat
+++ b/testing/tests/swanctl/ip-pool/pretest.dat
@ -1,9 +1,9 @@
 moon::iptables-restore < /etc/iptables.rules
 carol::iptables-restore < /etc/iptables.rules
 dave::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/carol/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/dave/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/manual-prio/hosts/moon/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/manual-prio/posttest.dat
+++ b/testing/tests/swanctl/manual-prio/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home
 dave::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 winnetou::ip route del 10.1.0.0/16 via 192.168.0.1
 carol::ip route del 10.1.0.0/16 via 192.168.0.1
 dave::ip route del 10.1.0.0/16 via 192.168.0.1
--- a/testing/tests/swanctl/manual-prio/pretest.dat
+++ b/testing/tests/swanctl/manual-prio/pretest.dat
@ -1,9 +1,9 @@
 winnetou::ip route add 10.1.0.0/16 via 192.168.0.1
 carol::ip route add 10.1.0.0/16 via 192.168.0.1
 dave::ip route add 10.1.0.0/16 via 192.168.0.1
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/carol/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/dave/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-sim eap-sim-file eap-identity updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/hosts/moon/etc/strongswan.conf
@ -1,13 +1,16 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac xcbc vici kernel-netlink socket-default fips-prf eap-radius eap-identity updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
-
+    auth {
      default = 0
    }
  }
  plugins {
    eap-radius {
      secret = gv6URkSs
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/posttest.dat
@ -1,4 +1,4 @@
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 alice::killall radiusd
--- a/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
+++ b/testing/tests/swanctl/mult-auth-rsa-eap-sim-id/pretest.dat
@ -5,9 +5,9 @@ alice::cat /etc/freeradius/triplets.dat
 carol::cat /etc/ipsec.d/triplets.dat
 dave::cat /etc/ipsec.d/triplets.dat
 alice::radiusd
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home 2> /dev/null
--- a/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/carol/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/dave/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/multi-level-ca/hosts/moon/etc/strongswan.conf
@ -1,15 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    auths = /usr/local/sbin/swanctl --load-authorities
+      default = 1
-    conns = /usr/local/sbin/swanctl --load-conns
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/multi-level-ca/posttest.dat
+++ b/testing/tests/swanctl/multi-level-ca/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home 2> /dev/null
 dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-carol::rm -r /etc/swanctl
+carol::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
-dave::rm -r /etc/swanctl
+dave::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
-moon::rm -r /etc/swanctl
+moon::cd /etc/swanctl; rm -r rsa/* x509/* x509ca/*
--- a/testing/tests/swanctl/multi-level-ca/pretest.dat
+++ b/testing/tests/swanctl/multi-level-ca/pretest.dat
@ -1,6 +1,6 @@
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection research
 carol::expect-connection alice
 carol::swanctl --initiate --child alice 2> /dev/null
--- a/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/moon/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-cert/hosts/sun/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-cert/posttest.dat
+++ b/testing/tests/swanctl/net2net-cert/posttest.dat
@ -1,5 +1,5 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/net2net-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-cert/pretest.dat
@ -1,7 +1,7 @@
 moon::iptables-restore < /etc/iptables.rules
 sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
 moon::expect-connection gw-gw
 sun::expect-connection gw-gw
 moon::swanctl --initiate --child net-net 2> /dev/null
--- a/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-ed25519/hosts/moon/etc/strongswan.conf
@ -1,16 +1,12 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds 
    conns = /usr/local/sbin/swanctl --load-conns
  }
  syslog {
    auth {
      default = 0
--- a/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-ed25519/hosts/sun/etc/strongswan.conf
@ -1,16 +1,12 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 pkcs8 curve25519 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 pkcs8 x509 revocation curve25519 curl kernel-netlink socket-default updown vici
  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds 
    conns = /usr/local/sbin/swanctl --load-conns
  }
  syslog {
    auth {
      default = 0
--- a/testing/tests/swanctl/net2net-ed25519/posttest.dat
+++ b/testing/tests/swanctl/net2net-ed25519/posttest.dat
@ -1,6 +1,6 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
 moon::rm /etc/swanctl/pkcs8/*
--- a/testing/tests/swanctl/net2net-ed25519/pretest.dat
+++ b/testing/tests/swanctl/net2net-ed25519/pretest.dat
@ -2,8 +2,8 @@ moon::rm /etc/swanctl/rsa/moonKey.pem
 sun::rm /etc/swanctl/rsa/sunKey.pem
 moon::iptables-restore < /etc/iptables.rules
 sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
 moon::expect-connection gw-gw
 sun::expect-connection gw-gw
 moon::swanctl --initiate --child net-net 2> /dev/null
--- a/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/carol/etc/strongswan.conf
@ -4,11 +4,15 @@ swanctl {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/moon/etc/strongswan.conf
@ -4,11 +4,15 @@ swanctl {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-gw/hosts/sun/etc/strongswan.conf
@ -4,11 +4,15 @@ swanctl {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-gw/posttest.dat
+++ b/testing/tests/swanctl/net2net-gw/posttest.dat
@ -1,8 +1,8 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
 sun::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/net2net-gw/pretest.dat
+++ b/testing/tests/swanctl/net2net-gw/pretest.dat
@ -1,9 +1,9 @@
 moon::iptables-restore < /etc/iptables.rules
 sun::iptables-restore < /etc/iptables.rules
 carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
 carol::expect-connection gw-moon
 carol::expect-connection gw-sun
 moon::expect-connection gw-gw
--- a/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-multicast/hosts/moon/etc/strongswan.conf
@ -4,15 +4,19 @@ swanctl {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds
    conns = /usr/local/sbin/swanctl --load-conns
  }
  multiple_authentication = no
  syslog {
    daemon {
      default = 1
    }
    auth {
      default = 0
    }
  }
  plugins {
    forecast {
      groups = 224.0.0.251
--- a/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-multicast/hosts/sun/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac kernel-netlink socket-default forecast vici
  start-scripts {
    creds = /usr/local/sbin/swanctl --load-creds
    conns = /usr/local/sbin/swanctl --load-conns
  }
  multiple_authentication = no
  syslog {
    daemon {
      default = 1
    }
    auth {
      default = 0
    }
  }
  plugins {
    forecast {
      groups = 224.0.0.251
--- a/testing/tests/swanctl/net2net-multicast/posttest.dat
+++ b/testing/tests/swanctl/net2net-multicast/posttest.dat
@ -1,3 +1,3 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
--- a/testing/tests/swanctl/net2net-multicast/pretest.dat
+++ b/testing/tests/swanctl/net2net-multicast/pretest.dat
@ -1,7 +1,7 @@
 moon::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
 sun::echo 1 > /proc/sys/net/ipv4/igmp_max_memberships
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
 moon::expect-connection gw-gw
 sun::expect-connection gw-gw
 moon::swanctl --initiate --child net-net 2> /dev/null
--- a/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-pubkey/hosts/moon/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-pubkey/hosts/sun/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce openssl pem pkcs1 pubkey kernel-netlink socket-default vici updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-pubkey/posttest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/posttest.dat
@ -1,6 +1,6 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
 moon::rm /etc/swanctl/pubkey/*
--- a/testing/tests/swanctl/net2net-pubkey/pretest.dat
+++ b/testing/tests/swanctl/net2net-pubkey/pretest.dat
@ -2,8 +2,8 @@ sun::iptables-restore < /etc/iptables.rules
 moon::iptables-restore < /etc/iptables.rules
 sun::cd /etc/swanctl; rm x509/* x509ca/*
 moon::cd /etc/swanctl; rm x509/* x509ca/*
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
 sun::expect-connection gw-gw
 moon::expect-connection gw-gw
 moon::swanctl --initiate --child net-net 2> /dev/null
--- a/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/moon/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-route/hosts/sun/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici 
+  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-route/posttest.dat
+++ b/testing/tests/swanctl/net2net-route/posttest.dat
@ -1,5 +1,5 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/net2net-route/pretest.dat
+++ b/testing/tests/swanctl/net2net-route/pretest.dat
@ -1,7 +1,7 @@
 sun::iptables-restore < /etc/iptables.rules
 moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
 sun::expect-connection gw-gw
 moon::expect-connection gw-gw
 alice::ping -c 3 -W 1 -i 0.2 PH_IP_BOB
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/moon/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/hosts/sun/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
-  load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici 
+  load = random nonce sha1 sha2 sha3 aes hmac pem pkcs1 x509 revocation constraints pubkey curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/posttest.dat
@ -1,5 +1,5 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
+++ b/testing/tests/swanctl/net2net-sha3-rsa-cert/pretest.dat
@ -1,7 +1,7 @@
 moon::iptables-restore < /etc/iptables.rules
 sun::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
 moon::expect-connection gw-gw
 sun::expect-connection gw-gw
 moon::swanctl --initiate --child net-net 2> /dev/null
--- a/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/moon/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
+++ b/testing/tests/swanctl/net2net-start/hosts/sun/etc/strongswan.conf
@ -1,14 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 hmac pem pkcs1 x509 revocation curve25519 gmp curl kernel-netlink socket-default updown vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/net2net-start/posttest.dat
+++ b/testing/tests/swanctl/net2net-start/posttest.dat
@ -1,5 +1,5 @@
 moon::swanctl --terminate --ike gw-gw 2> /dev/null
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
-sun::service charon stop 2> /dev/null
+sun::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 sun::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/net2net-start/pretest.dat
+++ b/testing/tests/swanctl/net2net-start/pretest.dat
@ -1,5 +1,5 @@
 sun::iptables-restore < /etc/iptables.rules
 moon::iptables-restore < /etc/iptables.rules
-sun::service charon start 2> /dev/null
+sun::systemctl start strongswan-swanctl
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
 moon::sleep 0.5
--- a/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/carol/etc/strongswan.conf
@ -1,16 +1,19 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-    auths = /usr/local/sbin/swanctl --load-authorities
+    }
    auth {
      default = 0
    }
  }
  plugins {
    revocation {
      enable_ocsp = no
    }
-  } 
+  }
 }
--- a/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-disabled/hosts/moon/etc/strongswan.conf
@ -1,12 +1,16 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
  plugins {
    revocation {
      enable_ocsp = no
--- a/testing/tests/swanctl/ocsp-disabled/posttest.dat
+++ b/testing/tests/swanctl/ocsp-disabled/posttest.dat
@ -1,3 +1,3 @@
 carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
--- a/testing/tests/swanctl/ocsp-disabled/pretest.dat
+++ b/testing/tests/swanctl/ocsp-disabled/pretest.dat
@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/carol/etc/strongswan.conf
@ -1,15 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds
+    daemon {
-    auths = /usr/local/sbin/swanctl --load-authorities
+      default = 1
-    conns = /usr/local/sbin/swanctl --load-conns
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/dave/etc/strongswan.conf
@ -1,15 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    auths = /usr/local/sbin/swanctl --load-authorities
+      default = 1
-    conns = /usr/local/sbin/swanctl --load-conns
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-multi-level/hosts/moon/etc/strongswan.conf
@ -1,15 +1,18 @@
 # /etc/strongswan.conf - strongSwan configuration file
 swanctl {
-  load = pem pkcs1 x509 revocation constraints pubkey openssl random 
+  load = pem pkcs1 x509 revocation constraints pubkey openssl random
 }
-charon {
+charon-systemd {
  load = pem pkcs1 x509 revocation constraints pubkey openssl random nonce curl kernel-netlink socket-default vici
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    auths = /usr/local/sbin/swanctl --load-authorities
+      default = 1
-    conns = /usr/local/sbin/swanctl --load-conns
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ocsp-multi-level/posttest.dat
+++ b/testing/tests/swanctl/ocsp-multi-level/posttest.dat
@ -1,8 +1,8 @@
 carol::swanctl --terminate --ike home 2> /dev/null
 dave::swanctl --terminate --ike home 2> /dev/null
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-dave::service charon stop 2> /dev/null
+dave::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 carol::rm -r /etc/swanctl
 dave::rm -r /etc/swanctl
 moon::rm -r /etc/swanctl
--- a/testing/tests/swanctl/ocsp-multi-level/pretest.dat
+++ b/testing/tests/swanctl/ocsp-multi-level/pretest.dat
@ -1,6 +1,6 @@
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
-dave::service charon start 2> /dev/null
+dave::systemctl start strongswan-swanctl
 moon::expect-connection research
 carol::expect-connection home
 carol::swanctl --initiate --child alice 2> /dev/null
--- a/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/carol/etc/strongswan.conf
@ -1,11 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 md5 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-    auths = /usr/local/sbin/swanctl --load-authorities
+    }
-  } 
+    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/ocsp-signer-cert/hosts/moon/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
+++ b/testing/tests/swanctl/ocsp-signer-cert/posttest.dat
@ -1,3 +1,3 @@
 carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
--- a/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
+++ b/testing/tests/swanctl/ocsp-signer-cert/pretest.dat
@ -1,5 +1,5 @@
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
 moon::expect-connection rw
 carol::expect-connection home
 carol::swanctl --initiate --child home
--- a/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-dual/hosts/carol/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-dual/hosts/moon/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/testing/tests/swanctl/protoport-dual/posttest.dat
+++ b/testing/tests/swanctl/protoport-dual/posttest.dat
@ -1,5 +1,5 @@
 carol::swanctl --terminate --ike home
-carol::service charon stop 2> /dev/null
+carol::systemctl stop strongswan-swanctl
-moon::service charon stop 2> /dev/null
+moon::systemctl stop strongswan-swanctl
 moon::iptables-restore < /etc/iptables.flush
 carol::iptables-restore < /etc/iptables.flush
--- a/testing/tests/swanctl/protoport-dual/pretest.dat
+++ b/testing/tests/swanctl/protoport-dual/pretest.dat
@ -1,7 +1,7 @@
 moon::iptables-restore < /etc/iptables.rules
 carol::iptables-restore < /etc/iptables.rules
-moon::service charon start 2> /dev/null
+moon::systemctl start strongswan-swanctl
-carol::service charon start 2> /dev/null
+carol::systemctl start strongswan-swanctl
 moon::expect-connection icmp
 moon::expect-connection ssh
 carol::expect-connection icmp
--- a/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
+++ b/testing/tests/swanctl/protoport-range/hosts/carol/etc/strongswan.conf
@ -1,10 +1,14 @@
 # /etc/strongswan.conf - strongSwan configuration file
-charon {
+charon-systemd {
  load = random nonce aes sha1 sha2 pem pkcs1 curve25519 gmp x509 curl revocation hmac vici kernel-netlink socket-default updown
-  start-scripts {
+  syslog {
-    creds = /usr/local/sbin/swanctl --load-creds 
+    daemon {
-    conns = /usr/local/sbin/swanctl --load-conns
+      default = 1
-  } 
+    }
    auth {
      default = 0
    }
  }
 }
--- a/Show More
+++ b/Show More