Hello, I was able to make the libunbound configuration working, with the help from Wouter, the unbound developer, and Paul. The correct order of options is:
ub_ctx_set_option(dns_ctx, "outgoing-port-avoid:", "0-65535"); ub_ctx_set_option(dns_ctx, "outgoing-port-permit:", "32768-60999"); I would prefer making this configurable rather than hardcoding it, and ideally as part of the ipsec.conf file. Another, less preferred option from my perspective, might be introducing unbound configuration in a dedicated location. This would allow more tweaking, but as said eariler, this would require further SELinux policy changes. Cheers, Stepan _______________________________________________ Swan-dev mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan-dev
