While the alias is available after enabling the unit, we don't
actually do that in our testing environment (adding a symlink manually
would work too, then again, why not just use the proper name?).
We could make the same change for charon (actually setting it for charon
in strongswan.conf.testing would work for charon-systemd too), however,
there are dozens of test cases that currently set charondebug in
ipsec.conf.
The main difference is that ping now reports icmp_seq instead of
icmp_req, so we match for icmp_.eq, which works with both releases.
tcpdump now also reports port 4500 as ipsec-nat-t.
/usr/local/sbin is not included in PATH set by the charon init script and
since the ipsec script is obsolete when using swanctl it makes sense to
change this anyway.
Some fetcher plugins (such as curl) might build upon OpenSSL to implement
HTTPS fetching. As we set (and can't unset) threading callbacks in our
openssl plugin, we must ensure that OpenSSL functions don't get called after
openssl plugin unloading.
We achieve that by loading curl and all other fetcher plugins after the base
crypto plugins, including openssl.
