Cipher
Test suite that validates the use of one or more ciphers to protect the DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
    set system certificate trust running://remote.dns-server.crt
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    set service dns proxy log level 0
    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
    teldat.com has address 19.18.17.16
Output:
    teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
    Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
    set system certificate trust running://remote.dns-server.crt
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    set service dns proxy log level 0
    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
    teldat.com has address 19.18.17.16
Output:
    teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
    Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
    set system certificate trust running://remote.dns-server.crt
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    set service dns proxy log level 0
    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
    teldat.com has address 19.18.17.16
Output:
    teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
    Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
    set system certificate trust running://remote.dns-server.crt
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
    set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    set service dns proxy log level 0
    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
    teldat.com has address 19.18.17.16
Output:
    teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
    Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
    set system certificate trust running://remote.dns-server.crt
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
    set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
    set service dns proxy log level 0
    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
    TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
    set system certificate trust running://remote.dns-server.crt
    set service dns proxy server-name RD
    set service dns proxy static RD protocol dns-over-https host name remote.dns
    set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
    set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
    set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
    set service dns proxy log level 0
    set interfaces ethernet eth0 address 10.215.168.64/24
    set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
    TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Thu 2024-06-20 17:46:58 UTC, end at Thu 2024-06-20 17:47:04 UTC. -- Jun 20 17:46:58.397661 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:46:58.427395 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:46:58.631209 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:46:58.633179 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:46:58.879052 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:46:58.972115 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'delete'. Jun 20 17:46:59.114574 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 20 17:46:59.207910 osdx dnscrypt-proxy[17613]: Stopped. Jun 20 17:46:59.207981 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 20 17:46:59.209579 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 20 17:46:59.210006 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 20 17:46:59.343013 osdx ca-certificates[17687]: Clearing symlinks in /etc/ssl/certs... Jun 20 17:46:59.734774 osdx ca-certificates[18245]: done. Jun 20 17:46:59.740782 osdx ca-certificates[18255]: Updating certificates in /etc/ssl/certs... Jun 20 17:47:00.451027 osdx ca-certificates[19088]: 137 added, 0 removed; done. Jun 20 17:47:00.456694 osdx ca-certificates[19095]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:47:00.462605 osdx ca-certificates[19097]: done. Jun 20 17:47:00.509434 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:00.512877 osdx OSDxCLI[19773]: User 'admin' committed the configuration. 
Jun 20 17:47:00.577146 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:47:02.174403 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:47:02.289563 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 17:47:02.413911 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:47:02.555261 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 20 17:47:02.691708 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 20 17:47:02.814973 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 20 17:47:02.955921 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 20 17:47:03.092372 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 20 17:47:03.238480 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:47:03.327290 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:47:03.482900 osdx ca-certificates[19144]: Updating certificates in /etc/ssl/certs... Jun 20 17:47:04.212949 osdx ca-certificates[20130]: 1 added, 0 removed; done. Jun 20 17:47:04.218655 osdx ca-certificates[20137]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:47:04.225196 osdx ca-certificates[20139]: done. Jun 20 17:47:04.250136 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:47:04.423208 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 20 17:47:04.424872 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:04.466883 osdx dnscrypt-proxy[20178]: dnscrypt-proxy 2.0.45 Jun 20 17:47:04.466983 osdx dnscrypt-proxy[20178]: Network connectivity detected Jun 20 17:47:04.467490 osdx dnscrypt-proxy[20178]: Dropping privileges Jun 20 17:47:04.470971 osdx dnscrypt-proxy[20178]: Network connectivity detected Jun 20 17:47:04.471022 osdx dnscrypt-proxy[20178]: Now listening to 127.0.0.1:53 [UDP] Jun 20 17:47:04.471031 osdx dnscrypt-proxy[20178]: Now listening to 127.0.0.1:53 [TCP] Jun 20 17:47:04.471069 osdx dnscrypt-proxy[20178]: Firefox workaround initialized Jun 20 17:47:04.471078 osdx dnscrypt-proxy[20178]: Loading the set of cloaking rules from [/tmp/tmpQa1CPM] Jun 20 17:47:04.472239 osdx dnscrypt-proxy[20178]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 20 17:47:04.475293 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:47:04.504235 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:47:04.645351 osdx dnscrypt-proxy[20178]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 20 17:47:04.645379 osdx dnscrypt-proxy[20178]: [RD] OK (DoH) - rtt: 130ms Jun 20 17:47:04.645392 osdx dnscrypt-proxy[20178]: Server with the lowest initial latency: RD (rtt: 130ms) Jun 20 17:47:04.645403 osdx dnscrypt-proxy[20178]: dnscrypt-proxy is ready - live servers: 1
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
-- Logs begin at Thu 2024-06-20 17:47:04 UTC, end at Thu 2024-06-20 17:47:10 UTC. -- Jun 20 17:47:04.941784 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:47:04.973966 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:47:05.433105 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:47:05.584909 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'delete'. Jun 20 17:47:05.728238 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 20 17:47:05.836223 osdx dnscrypt-proxy[20178]: Stopped. Jun 20 17:47:05.836298 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 20 17:47:05.837433 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 20 17:47:05.837747 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 20 17:47:05.969323 osdx ca-certificates[20267]: Clearing symlinks in /etc/ssl/certs... Jun 20 17:47:06.366802 osdx ca-certificates[20825]: done. Jun 20 17:47:06.372604 osdx ca-certificates[20835]: Updating certificates in /etc/ssl/certs... Jun 20 17:47:06.944943 osdx ca-certificates[21668]: 137 added, 0 removed; done. Jun 20 17:47:06.951080 osdx ca-certificates[21675]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:47:06.957175 osdx ca-certificates[21677]: done. Jun 20 17:47:07.003250 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:07.007137 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:47:07.035869 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. 
Jun 20 17:47:07.842319 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:47:08.511792 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:47:08.589349 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:47:08.611615 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 17:47:08.728858 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:47:08.847845 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 20 17:47:08.927443 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 20 17:47:09.037348 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 20 17:47:09.131780 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 20 17:47:09.223823 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'. Jun 20 17:47:09.310330 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 20 17:47:09.416230 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:47:09.497617 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:47:09.693236 osdx ca-certificates[21719]: Updating certificates in /etc/ssl/certs... 
Jun 20 17:47:10.441176 osdx ca-certificates[22703]: 1 added, 0 removed; done. Jun 20 17:47:10.445878 osdx ca-certificates[22710]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:47:10.452706 osdx ca-certificates[22712]: done. Jun 20 17:47:10.478084 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:47:10.633125 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:47:10.635193 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:10.663016 osdx dnscrypt-proxy[22751]: dnscrypt-proxy 2.0.45 Jun 20 17:47:10.663112 osdx dnscrypt-proxy[22751]: Network connectivity detected Jun 20 17:47:10.663558 osdx dnscrypt-proxy[22751]: Dropping privileges Jun 20 17:47:10.666776 osdx dnscrypt-proxy[22751]: Network connectivity detected Jun 20 17:47:10.667152 osdx dnscrypt-proxy[22751]: Now listening to 127.0.0.1:53 [UDP] Jun 20 17:47:10.667270 osdx dnscrypt-proxy[22751]: Now listening to 127.0.0.1:53 [TCP] Jun 20 17:47:10.667391 osdx dnscrypt-proxy[22751]: Firefox workaround initialized Jun 20 17:47:10.667493 osdx dnscrypt-proxy[22751]: Loading the set of cloaking rules from [/tmp/tmpSg4DaC] Jun 20 17:47:10.668947 osdx dnscrypt-proxy[22751]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file Jun 20 17:47:10.694549 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:47:10.738081 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:47:10.843540 osdx dnscrypt-proxy[22751]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392 Jun 20 17:47:10.843571 osdx dnscrypt-proxy[22751]: [RD] OK (DoH) - rtt: 130ms Jun 20 17:47:10.843588 osdx dnscrypt-proxy[22751]: Server with the lowest initial latency: RD (rtt: 130ms) Jun 20 17:47:10.843597 osdx dnscrypt-proxy[22751]: dnscrypt-proxy is ready - live servers: 1
Invalid Cipher With Fallback
Description
Configures an invalid cipher and a valid fallback one. It then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid one proposed is used.
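The journal check used in these scenarios can be tightened: instead of looking for one fixed token, compare the suite that dnscrypt-proxy reports with the suites that were configured. The Python below is an added example, not part of the test suite or of OSDx; `audit_journal` is a hypothetical helper, the two captures are constructed samples abridged in the style of the journal output on this page, and the numeric IDs are the IANA registry values for the suite names used here.

```python
import re

# IANA TLS cipher suite IDs for the suite names configured on this page.
SUITE_IDS = {
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
ID_TO_NAME = {v: k for k, v in SUITE_IDS.items()}

# Patterns match the journal entries shown on this page.
CFG_RE = re.compile(
    r"cfg line: 'set service dns proxy cipher \d+ algorithm (\w+)'")
FAIL_RE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(\S+)\] TLS version: \w+ - "
    r"Protocol: \S+ - Cipher suite: (\d+)")


def audit_journal(text):
    """Compare configured cipher suites with what dnscrypt-proxy negotiated.

    `text` is one journal capture (one test run). Matching is pattern
    based, so it works whether entries are one per line or run together.
    """
    configured = []
    for name in CFG_RE.findall(text):
        if name not in configured:
            configured.append(name)
    # Names missing from SUITE_IDS cannot be checked and are reported.
    unmapped = [n for n in configured if n not in SUITE_IDS]
    allowed_ids = {SUITE_IDS[n] for n in configured if n in SUITE_IDS}
    negotiated = [(srv, int(sid)) for srv, sid in NEG_RE.findall(text)]

    if not negotiated:
        verdict = "no-session"       # nothing was negotiated at all
    elif not configured:
        verdict = "no-policy"        # no cipher restriction configured
    elif all(sid in allowed_ids for _, sid in negotiated):
        verdict = "within-policy"    # every session used a configured suite
    else:
        verdict = "outside-policy"   # a session used a suite not configured
    return {
        "configured": configured,
        "unmapped": unmapped,
        "handshake_failure": FAIL_RE.search(text) is not None,
        "negotiated": negotiated,
        "negotiated_names": [ID_TO_NAME.get(sid, hex(sid))
                             for _, sid in negotiated],
        "verdict": verdict,
    }


# Constructed sample: invalid cipher plus a valid fallback (abridged).
SAMPLE_FALLBACK_OK = """\
Jun 20 17:47:24.127931 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 17:47:24.252747 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 20 17:47:25.558845 osdx dnscrypt-proxy[25502]: dnscrypt-proxy 2.0.45
Jun 20 17:47:25.715576 osdx dnscrypt-proxy[25502]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 20 17:47:25.715607 osdx dnscrypt-proxy[25502]: [RD] OK (DoH) - rtt: 116ms
"""

# Constructed sample: only an invalid cipher configured (abridged).
SAMPLE_INVALID_ONLY = """\
Jun 20 17:47:02.955921 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 17:47:04.466883 osdx dnscrypt-proxy[20178]: dnscrypt-proxy 2.0.45
Jun 20 17:47:04.472239 osdx dnscrypt-proxy[20178]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Jun 20 17:47:04.645351 osdx dnscrypt-proxy[20178]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 17:47:04.645379 osdx dnscrypt-proxy[20178]: [RD] OK (DoH) - rtt: 130ms
"""

if __name__ == "__main__":
    for label, sample in (("fallback", SAMPLE_FALLBACK_OK),
                          ("invalid-only", SAMPLE_INVALID_ONLY)):
        result = audit_journal(sample)
        print(label, result["verdict"], result["negotiated_names"])
```

A capture like the 3DES-only sample, where the handshake failure entry is followed by a session on suite 52392, is reported as outside-policy, which a fixed-token check for the failure message alone would not surface.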
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
-- Logs begin at Thu 2024-06-20 17:47:20 UTC, end at Thu 2024-06-20 17:47:25 UTC. -- Jun 20 17:47:20.480540 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:47:20.510980 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:47:21.190031 osdx osdx-coredump[24389]: Deleting all coredumps in /opt/vyatta/etc/config/coredump... Jun 20 17:47:21.198171 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system coredump delete all'. Jun 20 17:47:22.129385 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:47:22.269963 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:47:22.355858 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:47:22.513032 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:47:22.610229 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:22.649265 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:47:22.676159 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:47:22.729218 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:47:22.869952 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'. Jun 20 17:47:23.157803 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:47:23.323876 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. 
Jun 20 17:47:23.476617 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:47:23.484107 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:47:23.708970 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 20 17:47:23.840121 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 20 17:47:23.983158 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 20 17:47:24.127931 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 20 17:47:24.252747 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'. Jun 20 17:47:24.386677 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 20 17:47:24.526209 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:47:24.616545 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:47:24.756903 osdx ca-certificates[24505]: Updating certificates in /etc/ssl/certs... Jun 20 17:47:25.451099 osdx ca-certificates[25490]: 1 added, 0 removed; done. Jun 20 17:47:25.457786 osdx ca-certificates[25496]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:47:25.462552 osdx ca-certificates[25498]: done. Jun 20 17:47:25.538840 osdx systemd[1]: Started DNSCrypt client proxy. 
Jun 20 17:47:25.541553 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:25.545547 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:47:25.558845 osdx dnscrypt-proxy[25502]: dnscrypt-proxy 2.0.45 Jun 20 17:47:25.558939 osdx dnscrypt-proxy[25502]: Network connectivity detected Jun 20 17:47:25.559274 osdx dnscrypt-proxy[25502]: Dropping privileges Jun 20 17:47:25.561946 osdx dnscrypt-proxy[25502]: Network connectivity detected Jun 20 17:47:25.562005 osdx dnscrypt-proxy[25502]: Now listening to 127.0.0.1:53 [UDP] Jun 20 17:47:25.562012 osdx dnscrypt-proxy[25502]: Now listening to 127.0.0.1:53 [TCP] Jun 20 17:47:25.562037 osdx dnscrypt-proxy[25502]: Firefox workaround initialized Jun 20 17:47:25.562043 osdx dnscrypt-proxy[25502]: Loading the set of cloaking rules from [/tmp/tmpO7aRsH] Jun 20 17:47:25.615445 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:47:25.715576 osdx dnscrypt-proxy[25502]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199 Jun 20 17:47:25.715607 osdx dnscrypt-proxy[25502]: [RD] OK (DoH) - rtt: 116ms Jun 20 17:47:25.715621 osdx dnscrypt-proxy[25502]: Server with the lowest initial latency: RD (rtt: 116ms) Jun 20 17:47:25.715631 osdx dnscrypt-proxy[25502]: dnscrypt-proxy is ready - live servers: 1 Jun 20 17:47:25.790426 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
-- Logs begin at Thu 2024-06-20 17:47:26 UTC, end at Thu 2024-06-20 17:47:32 UTC. -- Jun 20 17:47:26.116828 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free. Jun 20 17:47:26.140978 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'. Jun 20 17:47:26.566272 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:47:26.672755 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'delete'. Jun 20 17:47:26.816383 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'. Jun 20 17:47:26.916259 osdx dnscrypt-proxy[25502]: Stopped. Jun 20 17:47:26.916357 osdx systemd[1]: Stopping DNSCrypt client proxy... Jun 20 17:47:26.917817 osdx systemd[1]: dnscrypt-proxy.service: Succeeded. Jun 20 17:47:26.918228 osdx systemd[1]: Stopped DNSCrypt client proxy. Jun 20 17:47:27.026667 osdx ca-certificates[25582]: Clearing symlinks in /etc/ssl/certs... Jun 20 17:47:27.436073 osdx ca-certificates[26140]: done. Jun 20 17:47:27.441946 osdx ca-certificates[26148]: Updating certificates in /etc/ssl/certs... Jun 20 17:47:28.112933 osdx ca-certificates[26984]: 137 added, 0 removed; done. Jun 20 17:47:28.119634 osdx ca-certificates[26990]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:47:28.126346 osdx ca-certificates[26992]: done. Jun 20 17:47:28.174436 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:28.178183 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:47:28.221305 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. 
Jun 20 17:47:28.516173 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:47:28.518308 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]): Jun 20 17:47:29.769136 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu. Jun 20 17:47:29.897562 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'. Jun 20 17:47:30.073468 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'. Jun 20 17:47:30.211029 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'. Jun 20 17:47:30.292747 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'. Jun 20 17:47:30.398098 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'. Jun 20 17:47:30.494276 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'. Jun 20 17:47:30.590248 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'. Jun 20 17:47:30.681751 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'. Jun 20 17:47:30.797598 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'. Jun 20 17:47:30.876147 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'. Jun 20 17:47:31.007946 osdx ca-certificates[27035]: Updating certificates in /etc/ssl/certs... 
Jun 20 17:47:31.706279 osdx ca-certificates[28019]: 1 added, 0 removed; done. Jun 20 17:47:31.711982 osdx ca-certificates[28025]: Running hooks in /etc/ca-certificates/update.d... Jun 20 17:47:31.716359 osdx ca-certificates[28027]: done. Jun 20 17:47:31.737042 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0 Jun 20 17:47:31.896168 osdx systemd[1]: Started DNSCrypt client proxy. Jun 20 17:47:31.898612 osdx cfgd[1341]: [19773]Completed change to active configuration Jun 20 17:47:31.916652 osdx dnscrypt-proxy[28066]: dnscrypt-proxy 2.0.45 Jun 20 17:47:31.916748 osdx dnscrypt-proxy[28066]: Network connectivity detected Jun 20 17:47:31.917203 osdx dnscrypt-proxy[28066]: Dropping privileges Jun 20 17:47:31.920512 osdx dnscrypt-proxy[28066]: Network connectivity detected Jun 20 17:47:31.920566 osdx dnscrypt-proxy[28066]: Now listening to 127.0.0.1:53 [UDP] Jun 20 17:47:31.920575 osdx dnscrypt-proxy[28066]: Now listening to 127.0.0.1:53 [TCP] Jun 20 17:47:31.920606 osdx dnscrypt-proxy[28066]: Firefox workaround initialized Jun 20 17:47:31.920616 osdx dnscrypt-proxy[28066]: Loading the set of cloaking rules from [/tmp/tmp2xkrAB] Jun 20 17:47:31.952516 osdx OSDxCLI[19773]: User 'admin' committed the configuration. Jun 20 17:47:31.997554 osdx OSDxCLI[19773]: User 'admin' left the configuration menu. Jun 20 17:47:32.127584 osdx dnscrypt-proxy[28066]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200 Jun 20 17:47:32.127614 osdx dnscrypt-proxy[28066]: [RD] OK (DoH) - rtt: 166ms Jun 20 17:47:32.127631 osdx dnscrypt-proxy[28066]: Server with the lowest initial latency: RD (rtt: 166ms) Jun 20 17:47:32.127643 osdx dnscrypt-proxy[28066]: dnscrypt-proxy is ready - live servers: 1 Jun 20 17:47:32.181593 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
-- Logs begin at Thu 2024-06-20 17:47:32 UTC, end at Thu 2024-06-20 17:47:38 UTC. --
Jun 20 17:47:32.532707 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free.
Jun 20 17:47:32.566220 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 17:47:32.947545 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:33.043652 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'delete'.
Jun 20 17:47:33.162540 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 17:47:33.250937 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 20 17:47:33.251102 osdx dnscrypt-proxy[28066]: Stopped.
Jun 20 17:47:33.252531 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 20 17:47:33.252934 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 20 17:47:33.389374 osdx ca-certificates[28160]: Clearing symlinks in /etc/ssl/certs...
Jun 20 17:47:33.796050 osdx ca-certificates[28718]: done.
Jun 20 17:47:33.801844 osdx ca-certificates[28727]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:34.392515 osdx ca-certificates[29563]: 137 added, 0 removed; done.
Jun 20 17:47:34.398783 osdx ca-certificates[29570]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:34.403534 osdx ca-certificates[29572]: done.
Jun 20 17:47:34.444577 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:34.448265 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:34.491618 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:35.924080 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:36.021942 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 17:47:36.142533 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 17:47:36.255123 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 17:47:36.351674 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 17:47:36.471385 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 20 17:47:36.569073 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Jun 20 17:47:36.681913 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 20 17:47:36.775880 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 17:47:36.896197 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 17:47:36.998262 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 17:47:37.167342 osdx ca-certificates[29615]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:37.731756 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Jun 20 17:47:37.851630 osdx ca-certificates[30598]: 1 added, 0 removed; done.
Jun 20 17:47:37.856316 osdx ca-certificates[30605]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:37.861917 osdx ca-certificates[30607]: done.
Jun 20 17:47:37.881108 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 17:47:38.047474 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 20 17:47:38.049978 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:38.073808 osdx dnscrypt-proxy[30646]: dnscrypt-proxy 2.0.45
Jun 20 17:47:38.073893 osdx dnscrypt-proxy[30646]: Network connectivity detected
Jun 20 17:47:38.074255 osdx dnscrypt-proxy[30646]: Dropping privileges
Jun 20 17:47:38.077108 osdx dnscrypt-proxy[30646]: Network connectivity detected
Jun 20 17:47:38.077153 osdx dnscrypt-proxy[30646]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 17:47:38.077160 osdx dnscrypt-proxy[30646]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 17:47:38.077187 osdx dnscrypt-proxy[30646]: Firefox workaround initialized
Jun 20 17:47:38.077194 osdx dnscrypt-proxy[30646]: Loading the set of cloaking rules from [/tmp/tmpqaIovj]
Jun 20 17:47:38.105842 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:38.149565 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:38.244239 osdx dnscrypt-proxy[30646]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 17:47:38.244267 osdx dnscrypt-proxy[30646]: [RD] OK (DoH) - rtt: 125ms
Jun 20 17:47:38.244282 osdx dnscrypt-proxy[30646]: Server with the lowest initial latency: RD (rtt: 125ms)
Jun 20 17:47:38.244293 osdx dnscrypt-proxy[30646]: dnscrypt-proxy is ready - live servers: 1
Jun 20 17:47:38.319834 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Thu 2024-06-20 17:47:38 UTC, end at Thu 2024-06-20 17:47:44 UTC. --
Jun 20 17:47:38.596078 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free.
Jun 20 17:47:38.626410 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 17:47:39.041347 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:39.148267 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'delete'.
Jun 20 17:47:39.289994 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 17:47:39.407686 osdx dnscrypt-proxy[30646]: Stopped.
Jun 20 17:47:39.407815 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 20 17:47:39.409480 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 20 17:47:39.409912 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 20 17:47:39.546376 osdx ca-certificates[30740]: Clearing symlinks in /etc/ssl/certs...
Jun 20 17:47:39.944859 osdx ca-certificates[31297]: done.
Jun 20 17:47:39.951174 osdx ca-certificates[31307]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:40.518540 osdx ca-certificates[32141]: 137 added, 0 removed; done.
Jun 20 17:47:40.522809 osdx ca-certificates[32147]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:40.527029 osdx ca-certificates[32149]: done.
Jun 20 17:47:40.567078 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:40.570296 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:40.596661 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:41.989198 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:42.143980 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 17:47:42.314393 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 17:47:42.470695 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 17:47:42.563098 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 17:47:42.689757 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 20 17:47:42.781451 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 17:47:42.885542 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 20 17:47:42.975941 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 17:47:43.088676 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 17:47:43.174987 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 17:47:43.313994 osdx ca-certificates[32192]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:43.517254 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Jun 20 17:47:43.518342 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Jun 20 17:47:43.981823 osdx ca-certificates[710]: 1 added, 0 removed; done.
Jun 20 17:47:43.986243 osdx ca-certificates[717]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:43.990981 osdx ca-certificates[719]: done.
Jun 20 17:47:44.013024 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 17:47:44.214087 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 20 17:47:44.216693 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:44.243667 osdx dnscrypt-proxy[762]: dnscrypt-proxy 2.0.45
Jun 20 17:47:44.243755 osdx dnscrypt-proxy[762]: Network connectivity detected
Jun 20 17:47:44.244178 osdx dnscrypt-proxy[762]: Dropping privileges
Jun 20 17:47:44.247474 osdx dnscrypt-proxy[762]: Network connectivity detected
Jun 20 17:47:44.247847 osdx dnscrypt-proxy[762]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 17:47:44.247950 osdx dnscrypt-proxy[762]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 17:47:44.248067 osdx dnscrypt-proxy[762]: Firefox workaround initialized
Jun 20 17:47:44.248165 osdx dnscrypt-proxy[762]: Loading the set of cloaking rules from [/tmp/tmpmkJYVk]
Jun 20 17:47:44.269365 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:44.304663 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:44.420602 osdx dnscrypt-proxy[762]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Jun 20 17:47:44.420630 osdx dnscrypt-proxy[762]: [RD] OK (DoH) - rtt: 122ms
Jun 20 17:47:44.420659 osdx dnscrypt-proxy[762]: Server with the lowest initial latency: RD (rtt: 122ms)
Jun 20 17:47:44.420670 osdx dnscrypt-proxy[762]: dnscrypt-proxy is ready - live servers: 1
Jun 20 17:47:44.477888 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Thu 2024-06-20 17:47:44 UTC, end at Thu 2024-06-20 17:47:50 UTC. --
Jun 20 17:47:44.781175 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free.
Jun 20 17:47:44.795149 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 17:47:45.250257 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:45.346977 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'delete'.
Jun 20 17:47:45.486430 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 17:47:45.591766 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 20 17:47:45.592041 osdx dnscrypt-proxy[762]: Stopped.
Jun 20 17:47:45.593276 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 20 17:47:45.593583 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 20 17:47:45.721682 osdx ca-certificates[857]: Clearing symlinks in /etc/ssl/certs...
Jun 20 17:47:46.142737 osdx ca-certificates[1443]: done.
Jun 20 17:47:46.149105 osdx ca-certificates[1454]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:46.809733 osdx ca-certificates[2289]: 137 added, 0 removed; done.
Jun 20 17:47:46.814525 osdx ca-certificates[2296]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:46.819450 osdx ca-certificates[2298]: done.
Jun 20 17:47:46.864204 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:46.868113 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:46.899813 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:48.335487 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:48.480510 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 17:47:48.582928 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 17:47:48.726861 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 17:47:48.821362 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 17:47:48.937324 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 20 17:47:49.047652 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 17:47:49.169766 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Jun 20 17:47:49.260803 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 17:47:49.383079 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 17:47:49.476774 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 17:47:49.642434 osdx ca-certificates[2341]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:50.031737 osdx systemd[1]: systemd-timedated.service: Succeeded.
Jun 20 17:47:50.391711 osdx ca-certificates[3327]: 1 added, 0 removed; done.
Jun 20 17:47:50.398251 osdx ca-certificates[3334]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:50.404167 osdx ca-certificates[3336]: done.
Jun 20 17:47:50.425060 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 17:47:50.610611 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 20 17:47:50.613417 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:50.631998 osdx dnscrypt-proxy[3375]: dnscrypt-proxy 2.0.45
Jun 20 17:47:50.632095 osdx dnscrypt-proxy[3375]: Network connectivity detected
Jun 20 17:47:50.632557 osdx dnscrypt-proxy[3375]: Dropping privileges
Jun 20 17:47:50.635829 osdx dnscrypt-proxy[3375]: Network connectivity detected
Jun 20 17:47:50.635883 osdx dnscrypt-proxy[3375]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 17:47:50.635894 osdx dnscrypt-proxy[3375]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 17:47:50.635926 osdx dnscrypt-proxy[3375]: Firefox workaround initialized
Jun 20 17:47:50.635935 osdx dnscrypt-proxy[3375]: Loading the set of cloaking rules from [/tmp/tmpRjZtqT]
Jun 20 17:47:50.665625 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:50.715244 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:50.801925 osdx dnscrypt-proxy[3375]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Jun 20 17:47:50.801952 osdx dnscrypt-proxy[3375]: [RD] OK (DoH) - rtt: 123ms
Jun 20 17:47:50.801967 osdx dnscrypt-proxy[3375]: Server with the lowest initial latency: RD (rtt: 123ms)
Jun 20 17:47:50.801977 osdx dnscrypt-proxy[3375]: dnscrypt-proxy is ready - live servers: 1
Jun 20 17:47:50.883371 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.64/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Thu 2024-06-20 17:47:51 UTC, end at Thu 2024-06-20 17:47:58 UTC. --
Jun 20 17:47:51.306978 osdx systemd-journald[1713]: Runtime journal (/run/log/journal/4bdaa9d5a32b43918ba3b0d5647305f4) is 2.0M, max 16.0M, 14.0M free.
Jun 20 17:47:51.338154 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'system journal clear'.
Jun 20 17:47:51.811173 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:51.924213 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'delete'.
Jun 20 17:47:52.097599 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Jun 20 17:47:52.204864 osdx dnscrypt-proxy[3375]: Stopped.
Jun 20 17:47:52.204927 osdx systemd[1]: Stopping DNSCrypt client proxy...
Jun 20 17:47:52.206472 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Jun 20 17:47:52.206880 osdx systemd[1]: Stopped DNSCrypt client proxy.
Jun 20 17:47:52.322942 osdx ca-certificates[3470]: Clearing symlinks in /etc/ssl/certs...
Jun 20 17:47:52.732114 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Jun 20 17:47:52.739061 osdx ca-certificates[4027]: done.
Jun 20 17:47:52.744696 osdx ca-certificates[4037]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:53.436739 osdx ca-certificates[4872]: 137 added, 0 removed; done.
Jun 20 17:47:53.443401 osdx ca-certificates[4878]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:53.450189 osdx ca-certificates[4880]: done.
Jun 20 17:47:53.477171 osdx zebra[1282]: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
Jun 20 17:47:53.491831 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:53.495474 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:53.531680 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:55.361402 osdx OSDxCLI[19773]: User 'admin' entered the configuration menu.
Jun 20 17:47:55.458252 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Jun 20 17:47:55.552929 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Jun 20 17:47:55.676045 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Jun 20 17:47:55.786869 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Jun 20 17:47:55.902766 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash ec4467518bda940b10464a7630c570e7717035cc032e5ae3bec7c4f937f00d8e'.
Jun 20 17:47:56.000612 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 17:47:56.169111 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Jun 20 17:47:56.252574 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Jun 20 17:47:56.400454 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.64/24'.
Jun 20 17:47:56.494520 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Jun 20 17:47:56.658962 osdx ca-certificates[4923]: Updating certificates in /etc/ssl/certs...
Jun 20 17:47:57.408567 osdx ca-certificates[5907]: 1 added, 0 removed; done.
Jun 20 17:47:57.415461 osdx ca-certificates[5914]: Running hooks in /etc/ca-certificates/update.d...
Jun 20 17:47:57.422257 osdx ca-certificates[5916]: done.
Jun 20 17:47:57.449021 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Jun 20 17:47:57.651973 osdx systemd[1]: Started DNSCrypt client proxy.
Jun 20 17:47:57.654815 osdx cfgd[1341]: [19773]Completed change to active configuration
Jun 20 17:47:57.697259 osdx dnscrypt-proxy[5955]: dnscrypt-proxy 2.0.45
Jun 20 17:47:57.697753 osdx dnscrypt-proxy[5955]: Network connectivity detected
Jun 20 17:47:57.698292 osdx dnscrypt-proxy[5955]: Dropping privileges
Jun 20 17:47:57.705080 osdx dnscrypt-proxy[5955]: Network connectivity detected
Jun 20 17:47:57.705462 osdx dnscrypt-proxy[5955]: Now listening to 127.0.0.1:53 [UDP]
Jun 20 17:47:57.705545 osdx dnscrypt-proxy[5955]: Now listening to 127.0.0.1:53 [TCP]
Jun 20 17:47:57.705648 osdx dnscrypt-proxy[5955]: Firefox workaround initialized
Jun 20 17:47:57.705721 osdx dnscrypt-proxy[5955]: Loading the set of cloaking rules from [/tmp/tmpX_jxMs]
Jun 20 17:47:57.737546 osdx OSDxCLI[19773]: User 'admin' committed the configuration.
Jun 20 17:47:57.812758 osdx OSDxCLI[19773]: User 'admin' left the configuration menu.
Jun 20 17:47:57.905038 osdx dnscrypt-proxy[5955]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Jun 20 17:47:57.905067 osdx dnscrypt-proxy[5955]: [RD] OK (DoH) - rtt: 132ms
Jun 20 17:47:57.905084 osdx dnscrypt-proxy[5955]: Server with the lowest initial latency: RD (rtt: 132ms)
Jun 20 17:47:57.905095 osdx dnscrypt-proxy[5955]: dnscrypt-proxy is ready - live servers: 1
Jun 20 17:47:58.054172 osdx OSDxCLI[19773]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
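The Step 3 checks above match a decimal token such as "Cipher suite: 49199". The script below is an added example, not part of the test suite: it decodes that dnscrypt-proxy log line into the IANA suite name, maps it back to the configured cipher slot, and flags an RC4 or 3DES result. The function name audit_journal, the second (constructed) journal, and reading the "TLS version" field as hexadecimal are assumptions of this example.

```python
import re

# IANA TLS cipher suite registry values for the suites named on this page.
SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # 52392
}
WEAK = {0x0005, 0x000A}  # RC4 and 3DES suites
# Assumption: the "TLS version" field is hexadecimal (303 -> 0x0303).
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_RE = re.compile(r"'set service dns proxy cipher (\d+) algorithm (\w+)'")
NEG_RE = re.compile(
    r"\[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9A-Fa-f]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)


def audit_journal(journal):
    """Return a verdict for the last DoH handshake in the journal, or None."""
    configured = {}   # cipher slot number -> configured algorithm name
    handshake = None
    for line in journal.splitlines():
        cfg = CFG_RE.search(line)
        if cfg:
            configured[int(cfg.group(1))] = cfg.group(2)
        neg = NEG_RE.search(line)
        if neg:
            handshake = neg
    if handshake is None:
        return None   # the proxy never logged a completed handshake
    suite_id = int(handshake.group("suite"))
    version = int(handshake.group("ver"), 16)
    name = SUITES.get(suite_id, "UNKNOWN(0x%04X)" % suite_id)
    # Slot of the configured cipher that was negotiated, if any.
    slot = next((n for n, alg in sorted(configured.items()) if alg == name), None)
    weak = suite_id in WEAK
    return {
        "server": handshake.group("server"),
        "tls_version": VERSIONS.get(version, "unknown(0x%04X)" % version),
        "protocol": handshake.group("proto"),
        "suite_id": suite_id,
        "suite_name": name,
        "slot": slot,
        "weak": weak,
        # Pass only if the suite is one that was configured and is not weak.
        "ok": slot is not None and not weak,
    }


# Three lines copied from the Example 4 journal on this page.
EXAMPLE_4_JOURNAL = """\
Jun 20 17:47:42.781451 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Jun 20 17:47:42.885542 osdx OSDxCLI[19773]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Jun 20 17:47:44.420602 osdx dnscrypt-proxy[762]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

# Constructed failure case (not from the page): the 3DES suite gets negotiated.
CONSTRUCTED_WEAK_JOURNAL = EXAMPLE_4_JOURNAL.replace(
    "Cipher suite: 49199", "Cipher suite: 10")

if __name__ == "__main__":
    for label, text in (("example 4", EXAMPLE_4_JOURNAL),
                        ("constructed", CONSTRUCTED_WEAK_JOURNAL)):
        print(label, audit_journal(text))
```

A journal with no handshake line returns None, which a test harness should treat as a failure rather than a pass.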