Cipher Server

Test suite to validate the use of one or multiple ciphers to protect a DoH connection.

TLS v1.3 Connection

Description

Sets up DUT0 as a server and DUT1 as a client, and ensures that the communication between them is secured by TLS v1.3.

Scenario

Step 1: Set the following configuration in DUT0:

set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 49f1ad88a12ee9d7d2acc5f1be8e1c526fa803f3edb1ce34a8e7ac2004df5bb8
set service dns proxy server cert file 'running://dns.dut0.crt'
set service dns proxy server cert key 'running://dns.dut0.key'
set service dns static host-name teldat.com inet 10.11.12.13

Step 2: Set the following configuration in DUT1:

set service dns static host-name dns.dut0 inet 10.215.168.10
set system certificate trust running://CA.crt
set service dns proxy server-name DUT0
set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0
set service dns proxy static DUT0 protocol dns-over-https host port 3000
set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10
set service dns proxy static DUT0 protocol dns-over-https hash fbb3cbbdb07b569a81c23b16af75d6ef77761a245627d64d7b209ed9ed7831b5
set service dns proxy log level 0
set service dns resolver local

Step 3: Run command system journal show | cat at DUT1 and expect this output:

-- Logs begin at Thu 2023-11-23 22:37:52 UTC, end at Thu 2023-11-23 22:37:59 UTC. --
Nov 23 22:37:52.352617 osdx systemd-journald[568]: Runtime journal (/run/log/journal/8bfa9c72be3e409aa4997490338b4bf3) is 1.2M, max 9.7M, 8.5M free.
Nov 23 22:37:52.368499 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal clear'.
Nov 23 22:37:53.544477 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu.
Nov 23 22:37:53.655707 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.20/24'.
Nov 23 22:37:53.776128 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Nov 23 22:37:53.877250 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service ssh'.
Nov 23 22:37:54.079273 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Nov 23 22:37:54.262587 osdx systemd[1]: Starting OpenBSD Secure Shell server...
Nov 23 22:37:54.276645 osdx sshd[32694]: Server listening on 0.0.0.0 port 22.
Nov 23 22:37:54.276951 osdx sshd[32694]: Server listening on :: port 22.
Nov 23 22:37:54.277112 osdx systemd[1]: Started OpenBSD Secure Shell server.
Nov 23 22:37:54.297505 osdx cfgd[975]: [1387]Completed change to active configuration
Nov 23 22:37:54.350910 osdx OSDxCLI[1387]: User 'admin' committed the configuration.
Nov 23 22:37:54.385241 osdx OSDxCLI[1387]: User 'admin' left the configuration menu.
Nov 23 22:37:54.570808 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'ping 10.215.168.10      count 1 size 56 timeout 1'.
Nov 23 22:37:56.847254 osdx OSDxCLI[1387]: User 'admin' entered the configuration menu.
Nov 23 22:37:57.010758 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns static host-name dns.dut0 inet 10.215.168.10'.
Nov 23 22:37:57.118119 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set system certificate trust running://CA.crt'.
Nov 23 22:37:57.241534 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy server-name DUT0'.
Nov 23 22:37:57.339542 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host name dns.dut0'.
Nov 23 22:37:57.455282 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https host port 3000'.
Nov 23 22:37:57.599917 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https ip 10.215.168.10'.
Nov 23 22:37:57.696188 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy static DUT0 protocol dns-over-https hash fbb3cbbdb07b569a81c23b16af75d6ef77761a245627d64d7b209ed9ed7831b5'.
Nov 23 22:37:57.806798 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Nov 23 22:37:57.926580 osdx OSDxCLI[1387]: User 'admin' added a new cfg line: 'set service dns resolver local'.
Nov 23 22:37:58.078826 osdx ca-certificates[32759]: Updating certificates in /etc/ssl/certs...
Nov 23 22:37:58.836582 osdx ca-certificates[1309]: 1 added, 0 removed; done.
Nov 23 22:37:58.842877 osdx ca-certificates[1315]: Running hooks in /etc/ca-certificates/update.d...
Nov 23 22:37:58.848918 osdx ca-certificates[1319]: done.
Nov 23 22:37:59.000767 osdx systemd[1]: Started DNSCrypt client proxy.
Nov 23 22:37:59.003441 osdx cfgd[975]: [1387]Completed change to active configuration
Nov 23 22:37:59.007533 osdx OSDxCLI[1387]: User 'admin' committed the configuration.
Nov 23 22:37:59.035830 osdx OSDxCLI[1387]: User 'admin' left the configuration menu.
Nov 23 22:37:59.310481 osdx dnscrypt-proxy[1372]: dnscrypt-proxy 2.0.45
Nov 23 22:37:59.310925 osdx dnscrypt-proxy[1372]: Network connectivity detected
Nov 23 22:37:59.311402 osdx dnscrypt-proxy[1372]: Dropping privileges
Nov 23 22:37:59.318187 osdx dnscrypt-proxy[1372]: Network connectivity detected
Nov 23 22:37:59.318523 osdx dnscrypt-proxy[1372]: Now listening to 127.0.0.1:53 [UDP]
Nov 23 22:37:59.318633 osdx dnscrypt-proxy[1372]: Now listening to 127.0.0.1:53 [TCP]
Nov 23 22:37:59.318733 osdx dnscrypt-proxy[1372]: Firefox workaround initialized
Nov 23 22:37:59.318816 osdx dnscrypt-proxy[1372]: Loading the set of cloaking rules from [/tmp/tmphIRPGg]
Nov 23 22:37:59.320715 osdx OSDxCLI[1387]: User 'admin' executed a new command: 'system journal show | cat'.
Nov 23 22:37:59.526368 osdx dnscrypt-proxy[1372]: [DUT0] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Nov 23 22:37:59.526543 osdx dnscrypt-proxy[1372]: [DUT0] OK (DoH) - rtt: 124ms
Nov 23 22:37:59.526629 osdx dnscrypt-proxy[1372]: Server with the lowest initial latency: DUT0 (rtt: 124ms)
Nov 23 22:37:59.526713 osdx dnscrypt-proxy[1372]: dnscrypt-proxy is ready - live servers: 1
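
The handshake line in the output above is what this test hinges on. The following added example (not part of the original test suite) parses it, reading the version field as hexadecimal (304 is 0x0304, TLS 1.3) and the cipher suite field as decimal (4867 is 0x1303, TLS_CHACHA20_POLY1305_SHA256). The function names and the LEGACY line in the sample are constructed for illustration.

```python
import re

# TLS 1.3 cipher suite code points (RFC 8446, appendix B.4).
TLS13_SUITES = {
    0x1301: "TLS_AES_128_GCM_SHA256",
    0x1302: "TLS_AES_256_GCM_SHA384",
    0x1303: "TLS_CHACHA20_POLY1305_SHA256",
    0x1304: "TLS_AES_128_CCM_SHA256",
    0x1305: "TLS_AES_128_CCM_8_SHA256",
}
TLS_VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

LINE_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-f]+)"
    r" - Protocol: (?P<proto>\S+) - Cipher suite: (?P<suite>\d+)"
)

# First two lines are from the journal above; the LEGACY line is constructed.
SAMPLE = """\
Nov 23 22:37:59.526368 osdx dnscrypt-proxy[1372]: [DUT0] TLS version: 304 - Protocol: h2 - Cipher suite: 4867
Nov 23 22:37:59.526543 osdx dnscrypt-proxy[1372]: [DUT0] OK (DoH) - rtt: 124ms
Nov 23 22:38:01.000000 osdx dnscrypt-proxy[1372]: [LEGACY] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

def parse_tls_lines(journal):
    """Return one dict per handshake line found in the journal text."""
    entries = []
    for m in LINE_RE.finditer(journal):
        ver = int(m["ver"], 16)  # version is logged in hex: "304" -> 0x0304
        suite = int(m["suite"])  # suite is logged in decimal: 4867 -> 0x1303
        entries.append({
            "server": m["server"], "alpn": m["proto"], "version": ver, "suite": suite,
            "version_name": TLS_VERSIONS.get(ver, "unknown 0x%04x" % ver),
            "suite_name": TLS13_SUITES.get(suite, "0x%04x" % suite),
        })
    return entries

def check_tls13(journal, server):
    """Return (ok, detail) for the handshake logged for the given server name."""
    for e in parse_tls_lines(journal):
        if e["server"] != server:
            continue
        if e["version"] != 0x0304:
            return False, "negotiated " + e["version_name"]
        if e["suite"] not in TLS13_SUITES:
            return False, "unexpected suite " + e["suite_name"]
        return True, e["suite_name"]
    return False, "no handshake line for " + server
```

Calling check_tls13(SAMPLE, "DUT0") returns a pass with the negotiated suite name, while the constructed LEGACY entry fails because it negotiated TLS 1.2.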