Cipher
Test suite to validate the use of one or multiple ciphers to protect the DoH connection
Single Valid Cipher
Description
Configures a single, valid cipher and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Multiple Valid Cipher
Description
Configures a valid cipher each time, and tries to communicate with the server. No refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Single Invalid Cipher
Description
Configures a single, invalid cipher and tries to communicate with the server. A refusal of the proposed cipher is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
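Added example (not part of the original test suite or the vendor's tooling): the scenarios above check for a decimal "Cipher suite:" token or a "TLS handshake failure" message, so this Python checker parses journal lines of the form dnscrypt-proxy writes in these scenarios ("[RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199"), maps the decimal ID to its IANA suite name, and compares it with the "cipher N algorithm" lines recorded by the CLI audit log. The sample journals, timestamps and PIDs are constructed, the helper names are hypothetical, and reading "TLS version: 303" as hexadecimal 0x0303 (TLS 1.2) is an assumption.

```python
import re

# IANA TLS cipher-suite code points for the five algorithms configured on this page.
IANA_SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
    "TLS_RSA_WITH_RC4_128_SHA": 0x0005,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
}
SUITE_NAMES = {code: name for name, code in IANA_SUITES.items()}
TLS_VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

CFG_DELETE = re.compile(r"added a new cfg line: 'delete'")
CFG_CIPHER = re.compile(r"set service dns proxy cipher \d+ algorithm ([A-Z0-9_]+)")
NEGOTIATED = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[[^\]]+\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: \S+ - Cipher suite: (?P<suite>\d+)")
FAILURE = re.compile(r"dnscrypt-proxy\[\d+\]: TLS handshake failure")


def check_journal(journal):
    """Return the configured ciphers, the negotiated suite and a verdict.

    Verdicts: "ok", "suite-not-configured", "handshake-failure",
    "no-handshake-logged". The last handshake event in the journal wins.
    """
    configured, negotiated, version = [], None, None
    verdict = "no-handshake-logged"
    for line in journal.splitlines():
        if CFG_DELETE.search(line):
            configured = []  # a 'delete' cfg line wipes the earlier configuration
            continue
        cfg = CFG_CIPHER.search(line)
        if cfg:
            if cfg.group(1) not in configured:
                configured.append(cfg.group(1))
            continue
        hs = NEGOTIATED.search(line)
        if hs:
            code = int(hs.group("suite"))   # suite ID is logged in decimal
            ver = int(hs.group("ver"), 16)  # assumption: version is hex (303 -> 0x0303)
            negotiated = SUITE_NAMES.get(code, "unknown (0x%04X)" % code)
            version = TLS_VERSIONS.get(ver, "unknown (0x%04X)" % ver)
            allowed = {IANA_SUITES.get(name) for name in configured}
            pinned_ok = not configured or code in allowed
            verdict = "ok" if pinned_ok else "suite-not-configured"
        elif FAILURE.search(line):
            negotiated, version, verdict = None, None, "handshake-failure"
    return {"configured": configured, "negotiated": negotiated,
            "tls_version": version, "verdict": verdict}


# --- Constructed sample journals (timestamps and PIDs are made up) ---
def cfg_line(command):
    return ("Apr 23 16:00:00 osdx OSDxCLI[1]: User 'admin' added a new "
            "cfg line: '%s'." % command)


def proxy_line(message):
    return "Apr 23 16:00:01 osdx dnscrypt-proxy[2]: %s" % message


def sample_journal(algorithm, proxy_message):
    return "\n".join([
        cfg_line("set service dns proxy cipher 1 algorithm " + algorithm),
        cfg_line("set service dns proxy log level 0"),
        proxy_line("Network connectivity detected"),
        proxy_line(proxy_message),
    ])


HANDSHAKE = "[RD] TLS version: 303 - Protocol: h2 - Cipher suite: %d"
FAIL_MSG = ("TLS handshake failure - Try changing or deleting the "
            "tls_cipher_suite value in the configuration file")

JOURNAL_VALID = sample_journal(
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", HANDSHAKE % 49199)
JOURNAL_INVALID = sample_journal("TLS_RSA_WITH_RC4_128_SHA", FAIL_MSG)
# Pin not honoured: AES-128 is configured, but the log reports suite 49200.
JOURNAL_MISMATCH = sample_journal(
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", HANDSHAKE % 49200)

if __name__ == "__main__":
    for label, journal in [("valid", JOURNAL_VALID),
                           ("invalid", JOURNAL_INVALID),
                           ("mismatch", JOURNAL_MISMATCH)]:
        print(label, check_journal(journal))
```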
Multiple Invalid Cipher
Description
Configures either one or two invalid ciphers and tries to communicate with the server. A refusal of all proposed ciphers is expected.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Tue 2024-04-23 16:42:46 UTC, end at Tue 2024-04-23 16:42:49 UTC. --
Apr 23 16:42:46.528523 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:42:46.537211 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:42:46.764502 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:42:46.853337 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'delete'.
Apr 23 16:42:46.914825 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 23 16:42:46.999460 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 23 16:42:46.999908 osdx dnscrypt-proxy[6518]: Stopped.
Apr 23 16:42:47.000559 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 23 16:42:47.000834 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 23 16:42:47.065947 osdx ca-certificates[6585]: Clearing symlinks in /etc/ssl/certs...
Apr 23 16:42:47.262154 osdx ca-certificates[7143]: done.
Apr 23 16:42:47.267023 osdx ca-certificates[7148]: Updating certificates in /etc/ssl/certs...
Apr 23 16:42:47.595382 osdx ca-certificates[7986]: 137 added, 0 removed; done.
Apr 23 16:42:47.599026 osdx ca-certificates[7989]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:42:47.602383 osdx ca-certificates[7993]: done.
Apr 23 16:42:47.628673 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:42:47.631178 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:42:47.645310 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:42:48.648445 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:42:48.702302 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:42:48.789842 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:42:48.840854 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:42:48.932348 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:42:48.986755 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:42:49.073897 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 23 16:42:49.120950 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:42:49.214934 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:42:49.267463 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:42:49.388358 osdx ca-certificates[8040]: Updating certificates in /etc/ssl/certs...
Apr 23 16:42:49.773081 osdx ca-certificates[9024]: 1 added, 0 removed; done.
Apr 23 16:42:49.776752 osdx ca-certificates[9027]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:42:49.780086 osdx ca-certificates[9031]: done.
Apr 23 16:42:49.798930 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:42:49.897134 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:42:49.898968 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:42:49.923538 osdx dnscrypt-proxy[9091]: dnscrypt-proxy 2.0.45
Apr 23 16:42:49.923790 osdx dnscrypt-proxy[9091]: Network connectivity detected
Apr 23 16:42:49.926451 osdx dnscrypt-proxy[9091]: Dropping privileges
Apr 23 16:42:49.932294 osdx dnscrypt-proxy[9091]: Network connectivity detected
Apr 23 16:42:49.932481 osdx dnscrypt-proxy[9091]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:42:49.932518 osdx dnscrypt-proxy[9091]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:42:49.932567 osdx dnscrypt-proxy[9091]: Firefox workaround initialized
Apr 23 16:42:49.932628 osdx dnscrypt-proxy[9091]: Loading the set of cloaking rules from [/tmp/tmpOeJH_N]
Apr 23 16:42:49.935829 osdx dnscrypt-proxy[9091]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 23 16:42:49.941006 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:42:49.970020 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Output:
-- Logs begin at Tue 2024-04-23 16:42:50 UTC, end at Tue 2024-04-23 16:42:53 UTC. --
Apr 23 16:42:50.172853 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:42:50.181099 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:42:50.248639 osdx dnscrypt-proxy[9091]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 23 16:42:50.248652 osdx dnscrypt-proxy[9091]: [RD] OK (DoH) - rtt: 273ms
Apr 23 16:42:50.248660 osdx dnscrypt-proxy[9091]: Server with the lowest initial latency: RD (rtt: 273ms)
Apr 23 16:42:50.248665 osdx dnscrypt-proxy[9091]: dnscrypt-proxy is ready - live servers: 1
Apr 23 16:42:50.425860 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:42:50.474863 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'delete'.
Apr 23 16:42:50.577670 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 23 16:42:50.625445 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 23 16:42:50.625859 osdx dnscrypt-proxy[9091]: Stopped.
Apr 23 16:42:50.626402 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 23 16:42:50.626717 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 23 16:42:50.687461 osdx ca-certificates[9173]: Clearing symlinks in /etc/ssl/certs...
Apr 23 16:42:50.876014 osdx ca-certificates[9731]: done.
Apr 23 16:42:50.880407 osdx ca-certificates[9736]: Updating certificates in /etc/ssl/certs...
Apr 23 16:42:51.202338 osdx ca-certificates[10574]: 137 added, 0 removed; done.
Apr 23 16:42:51.205837 osdx ca-certificates[10577]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:42:51.209146 osdx ca-certificates[10581]: done.
Apr 23 16:42:51.235940 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:42:51.238453 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:42:51.252362 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:42:52.211871 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:42:52.263686 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:42:52.360478 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:42:52.412010 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:42:52.505131 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:42:52.555927 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:42:52.641408 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 23 16:42:52.693159 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 23 16:42:52.773094 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:42:52.857133 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:42:52.938597 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:42:53.042157 osdx ca-certificates[10629]: Updating certificates in /etc/ssl/certs...
Apr 23 16:42:53.438564 osdx ca-certificates[11613]: 1 added, 0 removed; done.
Apr 23 16:42:53.442394 osdx ca-certificates[11616]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:42:53.445849 osdx ca-certificates[11620]: done.
Apr 23 16:42:53.470835 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:42:53.584872 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:42:53.587023 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:42:53.615712 osdx dnscrypt-proxy[11680]: dnscrypt-proxy 2.0.45
Apr 23 16:42:53.615964 osdx dnscrypt-proxy[11680]: Network connectivity detected
Apr 23 16:42:53.616234 osdx dnscrypt-proxy[11680]: Dropping privileges
Apr 23 16:42:53.623500 osdx dnscrypt-proxy[11680]: Network connectivity detected
Apr 23 16:42:53.623701 osdx dnscrypt-proxy[11680]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:42:53.623739 osdx dnscrypt-proxy[11680]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:42:53.623786 osdx dnscrypt-proxy[11680]: Firefox workaround initialized
Apr 23 16:42:53.623816 osdx dnscrypt-proxy[11680]: Loading the set of cloaking rules from [/tmp/tmpMdiV_w]
Apr 23 16:42:53.625281 osdx dnscrypt-proxy[11680]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
Apr 23 16:42:53.636149 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:42:53.654113 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Invalid Cipher With Fallback
Description
Configures an invalid cipher followed by a valid fallback cipher, then tries to communicate with the server. No refusal of the cipher is expected, as long as the valid cipher proposed is the one used.
Scenario
Example 1
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Tue 2024-04-23 16:42:59 UTC, end at Tue 2024-04-23 16:43:07 UTC. --
Apr 23 16:42:59.266771 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:42:59.274762 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:42:59.483954 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:42:59.578269 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:42:59.626088 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:42:59.739007 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:42:59.800194 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:42:59.826065 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:42:59.851563 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:42:59.985350 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'ping 10.215.168.1 count 1 size 56 timeout 1'.
Apr 23 16:43:00.131768 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:00.188921 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:43:00.279234 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:43:00.336927 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:43:00.424147 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:43:00.474854 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:43:00.560413 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 23 16:43:00.611596 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 23 16:43:00.701243 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:43:00.751898 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:43:00.850870 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:43:00.915137 osdx ca-certificates[13406]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:01.317337 osdx ca-certificates[14390]: 1 added, 0 removed; done.
Apr 23 16:43:01.321493 osdx ca-certificates[14393]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:01.325364 osdx ca-certificates[14397]: done.
Apr 23 16:43:01.372317 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:43:01.374443 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:01.380038 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:01.392426 osdx dnscrypt-proxy[14402]: dnscrypt-proxy 2.0.45
Apr 23 16:43:01.392680 osdx dnscrypt-proxy[14402]: Network connectivity detected
Apr 23 16:43:01.392966 osdx dnscrypt-proxy[14402]: Dropping privileges
Apr 23 16:43:01.394512 osdx dnscrypt-proxy[14402]: Network connectivity detected
Apr 23 16:43:01.394694 osdx dnscrypt-proxy[14402]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:43:01.394743 osdx dnscrypt-proxy[14402]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:43:01.394791 osdx dnscrypt-proxy[14402]: Firefox workaround initialized
Apr 23 16:43:01.394831 osdx dnscrypt-proxy[14402]: Loading the set of cloaking rules from [/tmp/tmpv924AY]
Apr 23 16:43:01.400739 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:01.550926 osdx dnscrypt-proxy[14402]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 23 16:43:01.550960 osdx dnscrypt-proxy[14402]: [RD] OK (DoH) - rtt: 133ms
Apr 23 16:43:01.550974 osdx dnscrypt-proxy[14402]: Server with the lowest initial latency: RD (rtt: 133ms)
Apr 23 16:43:01.550984 osdx dnscrypt-proxy[14402]: dnscrypt-proxy is ready - live servers: 1
Apr 23 16:43:07.525997 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
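The journal check in Step 3, as an added example that is not part of the original test suite: it reads the configured cipher list and the dnscrypt-proxy result from a journal, decodes the logged decimal suite ID to its IANA name, and reports whether the negotiated suite is one of the configured ones. The sample journals are constructed in the page's log format; the function names and verdict strings are assumptions of this example.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
IANA_SUITES = {
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",        # logged as 49199
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",        # logged as 49200
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",  # logged as 52392
}

# findall-based patterns, so one-entry-per-line and flattened journals both parse.
CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm (TLS_[A-Z0-9_]+)")
PID_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]:")
FAIL_RE = re.compile(r"dnscrypt-proxy\[(\d+)\]: TLS handshake failure")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[(\d+)\]: \[[^\]]+\] TLS version: \w+ - Protocol: \S+ - Cipher suite: (\d+)"
)


def configured_suites(text):
    """Suite names from 'cipher N algorithm NAME' lines, ordered by N."""
    found = {int(idx): name for idx, name in CFG_RE.findall(text)}
    return [found[idx] for idx in sorted(found)]


def audit_journal(journal):
    """Compare what the newest dnscrypt-proxy instance negotiated with the configured list."""
    suites = configured_suites(journal)
    result = {"configured": suites, "pid": None, "negotiated": None,
              "handshake_failure": False, "verdict": "no-proxy-log"}
    pids = PID_RE.findall(journal)
    if not pids:
        return result
    # A cleared journal can still receive lines from the previous run's process,
    # so only the pid that logged last is evaluated.
    pid = pids[-1]
    result["pid"] = int(pid)
    result["handshake_failure"] = pid in FAIL_RE.findall(journal)
    ids = [int(suite) for p, suite in NEG_RE.findall(journal) if p == pid]
    if ids:
        name = IANA_SUITES.get(ids[-1], "unknown(0x%04X)" % ids[-1])
        result["negotiated"] = name
        result["verdict"] = ("negotiated-configured" if name in suites
                             else "negotiated-outside-list")
    elif result["handshake_failure"]:
        result["verdict"] = "handshake-failed"
    else:
        result["verdict"] = "no-result"
    return result


# Constructed sample: invalid cipher 1, valid fallback cipher 2, fallback negotiated.
SAMPLE_FALLBACK = """\
osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
osdx dnscrypt-proxy[14402]: dnscrypt-proxy 2.0.45
osdx dnscrypt-proxy[14402]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
osdx dnscrypt-proxy[14402]: [RD] OK (DoH) - rtt: 133ms
"""

# Constructed sample: leftover lines from an older pid, then a new instance that fails.
SAMPLE_STALE_PID = """\
osdx dnscrypt-proxy[9091]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
osdx dnscrypt-proxy[9091]: Stopped.
osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
osdx dnscrypt-proxy[11680]: dnscrypt-proxy 2.0.45
osdx dnscrypt-proxy[11680]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
"""

# Constructed sample: the same pid fails, then reports a suite that was never configured.
SAMPLE_OUTSIDE_LIST = """\
osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
osdx dnscrypt-proxy[9091]: TLS handshake failure - Try changing or deleting the tls_cipher_suite value in the configuration file
osdx dnscrypt-proxy[9091]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
"""

if __name__ == "__main__":
    for label, sample in (("fallback", SAMPLE_FALLBACK),
                          ("stale pid", SAMPLE_STALE_PID),
                          ("outside list", SAMPLE_OUTSIDE_LIST)):
        print(label, audit_journal(sample))
```

A `negotiated-outside-list` verdict means the connection came up with a suite the configuration did not allow, which a plain token search for `Cipher suite:` would count as a pass.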
Example 2
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Tue 2024-04-23 16:43:07 UTC, end at Tue 2024-04-23 16:43:17 UTC. --
Apr 23 16:43:07.717059 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:43:07.725480 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:43:07.962235 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:08.055443 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'delete'.
Apr 23 16:43:08.125210 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 23 16:43:08.221232 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 23 16:43:08.221783 osdx dnscrypt-proxy[14402]: Stopped.
Apr 23 16:43:08.222499 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 23 16:43:08.222753 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 23 16:43:08.288108 osdx ca-certificates[14479]: Clearing symlinks in /etc/ssl/certs...
Apr 23 16:43:08.490332 osdx ca-certificates[15037]: done.
Apr 23 16:43:08.494848 osdx ca-certificates[15042]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:08.843376 osdx ca-certificates[15880]: 137 added, 0 removed; done.
Apr 23 16:43:08.847456 osdx ca-certificates[15883]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:08.851203 osdx ca-certificates[15887]: done.
Apr 23 16:43:08.881202 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:08.884088 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:08.899634 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:09.897646 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:09.955618 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:43:10.051125 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:43:10.106672 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:43:10.204563 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:43:10.261781 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:43:10.349806 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 23 16:43:10.399482 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 23 16:43:10.487295 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:43:10.539396 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:43:10.634772 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:43:10.708790 osdx ca-certificates[15935]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:11.128741 osdx ca-certificates[16919]: 1 added, 0 removed; done.
Apr 23 16:43:11.132943 osdx ca-certificates[16922]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:11.136666 osdx ca-certificates[16926]: done.
Apr 23 16:43:11.158972 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:43:11.266389 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:43:11.268550 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:11.295750 osdx dnscrypt-proxy[16986]: dnscrypt-proxy 2.0.45
Apr 23 16:43:11.296010 osdx dnscrypt-proxy[16986]: Network connectivity detected
Apr 23 16:43:11.296300 osdx dnscrypt-proxy[16986]: Dropping privileges
Apr 23 16:43:11.303704 osdx dnscrypt-proxy[16986]: Network connectivity detected
Apr 23 16:43:11.303898 osdx dnscrypt-proxy[16986]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:43:11.303948 osdx dnscrypt-proxy[16986]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:43:11.304002 osdx dnscrypt-proxy[16986]: Firefox workaround initialized
Apr 23 16:43:11.304043 osdx dnscrypt-proxy[16986]: Loading the set of cloaking rules from [/tmp/tmpFOc8wZ]
Apr 23 16:43:11.322683 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:11.345260 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:11.478776 osdx dnscrypt-proxy[16986]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 23 16:43:11.478788 osdx dnscrypt-proxy[16986]: [RD] OK (DoH) - rtt: 136ms
Apr 23 16:43:11.478795 osdx dnscrypt-proxy[16986]: Server with the lowest initial latency: RD (rtt: 136ms)
Apr 23 16:43:11.478799 osdx dnscrypt-proxy[16986]: dnscrypt-proxy is ready - live servers: 1
Apr 23 16:43:17.474911 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 3
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Tue 2024-04-23 16:43:17 UTC, end at Tue 2024-04-23 16:43:27 UTC. --
Apr 23 16:43:17.654288 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:43:17.661899 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:43:17.910969 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:17.960626 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'delete'.
Apr 23 16:43:18.063701 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 23 16:43:18.110528 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 23 16:43:18.111012 osdx dnscrypt-proxy[16986]: Stopped.
Apr 23 16:43:18.111599 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 23 16:43:18.111926 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 23 16:43:18.173699 osdx ca-certificates[17072]: Clearing symlinks in /etc/ssl/certs...
Apr 23 16:43:18.358875 osdx ca-certificates[17630]: done.
Apr 23 16:43:18.363409 osdx ca-certificates[17635]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:18.687592 osdx ca-certificates[18473]: 137 added, 0 removed; done.
Apr 23 16:43:18.691598 osdx ca-certificates[18476]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:18.695323 osdx ca-certificates[18480]: done.
Apr 23 16:43:18.723462 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:18.725876 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:18.740552 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:19.728346 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:19.824141 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:43:19.871387 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:43:19.967007 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:43:20.015069 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:43:20.105835 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:43:20.152262 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_RC4_128_SHA'.
Apr 23 16:43:20.241746 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 23 16:43:20.285993 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:43:20.377909 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:43:20.425562 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:43:20.534853 osdx ca-certificates[18528]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:20.904717 osdx ca-certificates[19512]: 1 added, 0 removed; done.
Apr 23 16:43:20.908754 osdx ca-certificates[19515]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:20.912369 osdx ca-certificates[19519]: done.
Apr 23 16:43:20.930965 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:43:21.030609 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:43:21.032524 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:21.059228 osdx dnscrypt-proxy[19579]: dnscrypt-proxy 2.0.45
Apr 23 16:43:21.059468 osdx dnscrypt-proxy[19579]: Network connectivity detected
Apr 23 16:43:21.059740 osdx dnscrypt-proxy[19579]: Dropping privileges
Apr 23 16:43:21.067630 osdx dnscrypt-proxy[19579]: Network connectivity detected
Apr 23 16:43:21.067801 osdx dnscrypt-proxy[19579]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:43:21.067842 osdx dnscrypt-proxy[19579]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:43:21.067891 osdx dnscrypt-proxy[19579]: Firefox workaround initialized
Apr 23 16:43:21.067923 osdx dnscrypt-proxy[19579]: Loading the set of cloaking rules from [/tmp/tmptDHtBr]
Apr 23 16:43:21.077821 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:21.094105 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:21.227309 osdx dnscrypt-proxy[19579]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 23 16:43:21.227321 osdx dnscrypt-proxy[19579]: [RD] OK (DoH) - rtt: 119ms
Apr 23 16:43:21.227329 osdx dnscrypt-proxy[19579]: Server with the lowest initial latency: RD (rtt: 119ms)
Apr 23 16:43:21.227333 osdx dnscrypt-proxy[19579]: dnscrypt-proxy is ready - live servers: 1
Apr 23 16:43:27.219323 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 4
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49199
Output:
-- Logs begin at Tue 2024-04-23 16:43:27 UTC, end at Tue 2024-04-23 16:43:36 UTC. --
Apr 23 16:43:27.400775 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:43:27.408643 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:43:27.658193 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:27.721194 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'delete'.
Apr 23 16:43:27.824381 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 23 16:43:27.886075 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 23 16:43:27.886571 osdx dnscrypt-proxy[19579]: Stopped.
Apr 23 16:43:27.887268 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 23 16:43:27.887525 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 23 16:43:27.951569 osdx ca-certificates[19665]: Clearing symlinks in /etc/ssl/certs...
Apr 23 16:43:28.142541 osdx ca-certificates[20223]: done.
Apr 23 16:43:28.147031 osdx ca-certificates[20228]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:28.470031 osdx ca-certificates[21067]: 137 added, 0 removed; done.
Apr 23 16:43:28.473568 osdx ca-certificates[21070]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:28.476764 osdx ca-certificates[21074]: done.
Apr 23 16:43:28.503796 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:28.506157 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:28.520449 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:29.024042 osdx systemd[1]: systemd-timedated.service: Succeeded.
Apr 23 16:43:29.485251 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:29.540234 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:43:29.635115 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:43:29.685789 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:43:29.776655 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:43:29.829939 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:43:29.916819 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 23 16:43:29.965686 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 23 16:43:30.052899 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:43:30.101327 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:43:30.195839 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:43:30.268582 osdx ca-certificates[21124]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:30.665229 osdx ca-certificates[22109]: 1 added, 0 removed; done.
Apr 23 16:43:30.670123 osdx ca-certificates[22113]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:30.673581 osdx ca-certificates[22117]: done.
Apr 23 16:43:30.694961 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:43:30.800892 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:43:30.803053 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:30.831254 osdx dnscrypt-proxy[22176]: dnscrypt-proxy 2.0.45
Apr 23 16:43:30.831528 osdx dnscrypt-proxy[22176]: Network connectivity detected
Apr 23 16:43:30.832303 osdx dnscrypt-proxy[22176]: Dropping privileges
Apr 23 16:43:30.839741 osdx dnscrypt-proxy[22176]: Network connectivity detected
Apr 23 16:43:30.839959 osdx dnscrypt-proxy[22176]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:43:30.840007 osdx dnscrypt-proxy[22176]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:43:30.840064 osdx dnscrypt-proxy[22176]: Firefox workaround initialized
Apr 23 16:43:30.840110 osdx dnscrypt-proxy[22176]: Loading the set of cloaking rules from [/tmp/tmpa20dMk]
Apr 23 16:43:30.852656 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:30.869122 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:30.998882 osdx dnscrypt-proxy[22176]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
Apr 23 16:43:30.998893 osdx dnscrypt-proxy[22176]: [RD] OK (DoH) - rtt: 117ms
Apr 23 16:43:30.998901 osdx dnscrypt-proxy[22176]: Server with the lowest initial latency: RD (rtt: 117ms)
Apr 23 16:43:30.998905 osdx dnscrypt-proxy[22176]: dnscrypt-proxy is ready - live servers: 1
Apr 23 16:43:36.995548 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 5
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 49200
Output:
-- Logs begin at Tue 2024-04-23 16:43:37 UTC, end at Tue 2024-04-23 16:43:46 UTC. --
Apr 23 16:43:37.187934 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:43:37.196044 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:43:37.413984 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:37.501622 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'delete'.
Apr 23 16:43:37.559376 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 23 16:43:37.643173 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 23 16:43:37.643666 osdx dnscrypt-proxy[22176]: Stopped.
Apr 23 16:43:37.644407 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 23 16:43:37.644659 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 23 16:43:37.709133 osdx ca-certificates[22264]: Clearing symlinks in /etc/ssl/certs...
Apr 23 16:43:37.913391 osdx ca-certificates[22822]: done.
Apr 23 16:43:37.918013 osdx ca-certificates[22827]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:38.255640 osdx ca-certificates[23665]: 137 added, 0 removed; done.
Apr 23 16:43:38.259426 osdx ca-certificates[23668]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:38.263074 osdx ca-certificates[23672]: done.
Apr 23 16:43:38.290078 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:38.292512 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:38.306347 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:39.265158 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:39.357603 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:43:39.404865 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:43:39.498838 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:43:39.547219 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:43:39.641654 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:43:39.690368 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 23 16:43:39.781175 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'.
Apr 23 16:43:39.827403 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:43:39.921773 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:43:39.970402 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:43:40.083189 osdx ca-certificates[23720]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:40.450633 osdx ca-certificates[24704]: 1 added, 0 removed; done.
Apr 23 16:43:40.454344 osdx ca-certificates[24707]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:40.457806 osdx ca-certificates[24711]: done.
Apr 23 16:43:40.478961 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:43:40.575866 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:43:40.577952 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:40.603598 osdx dnscrypt-proxy[24771]: dnscrypt-proxy 2.0.45
Apr 23 16:43:40.603834 osdx dnscrypt-proxy[24771]: Network connectivity detected
Apr 23 16:43:40.604121 osdx dnscrypt-proxy[24771]: Dropping privileges
Apr 23 16:43:40.611599 osdx dnscrypt-proxy[24771]: Network connectivity detected
Apr 23 16:43:40.611773 osdx dnscrypt-proxy[24771]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:43:40.611813 osdx dnscrypt-proxy[24771]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:43:40.611866 osdx dnscrypt-proxy[24771]: Firefox workaround initialized
Apr 23 16:43:40.611900 osdx dnscrypt-proxy[24771]: Loading the set of cloaking rules from [/tmp/tmpRYZRCc]
Apr 23 16:43:40.626201 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:40.643259 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:40.785885 osdx dnscrypt-proxy[24771]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49200
Apr 23 16:43:40.785897 osdx dnscrypt-proxy[24771]: [RD] OK (DoH) - rtt: 135ms
Apr 23 16:43:40.785905 osdx dnscrypt-proxy[24771]: Server with the lowest initial latency: RD (rtt: 135ms)
Apr 23 16:43:40.785909 osdx dnscrypt-proxy[24771]: dnscrypt-proxy is ready - live servers: 1
Apr 23 16:43:46.764739 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
Example 6
Step 1: Set the following configuration in DUT0:
set system certificate trust running://remote.dns-server.crt
set service dns proxy server-name RD
set service dns proxy static RD protocol dns-over-https host name remote.dns
set service dns proxy static RD protocol dns-over-https ip 10.215.168.1
set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af
set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA
set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
set service dns proxy log level 0
set interfaces ethernet eth0 address 10.215.168.10/24
set protocols static route 0.0.0.0/0 next-hop 10.215.168.1
Step 2: Run command show host lookup teldat.com type A at DUT0 and check if output contains the following tokens:
teldat.com has address 19.18.17.16
Output:
teldat.com has address 19.18.17.16
Step 3: Run command system journal show | cat at DUT0 and check if output contains the following tokens:
Cipher suite: 52392
Output:
-- Logs begin at Tue 2024-04-23 16:43:46 UTC, end at Tue 2024-04-23 16:43:56 UTC. --
Apr 23 16:43:46.943387 osdx systemd-journald[567]: Runtime journal (/run/log/journal/6df91b3cebc34c1981199ddec73128ac) is 2.0M, max 16.0M, 14.0M free.
Apr 23 16:43:46.950988 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'system journal clear'.
Apr 23 16:43:47.203087 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:47.291983 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'delete'.
Apr 23 16:43:47.350405 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system login user admin authentication encrypted-password $6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'.
Apr 23 16:43:47.433842 osdx systemd[1]: Stopping DNSCrypt client proxy...
Apr 23 16:43:47.434342 osdx dnscrypt-proxy[24771]: Stopped.
Apr 23 16:43:47.435101 osdx systemd[1]: dnscrypt-proxy.service: Succeeded.
Apr 23 16:43:47.435358 osdx systemd[1]: Stopped DNSCrypt client proxy.
Apr 23 16:43:47.499129 osdx ca-certificates[24859]: Clearing symlinks in /etc/ssl/certs...
Apr 23 16:43:47.686108 osdx ca-certificates[25417]: done.
Apr 23 16:43:47.690310 osdx ca-certificates[25422]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:48.007576 osdx ca-certificates[26260]: 137 added, 0 removed; done.
Apr 23 16:43:48.011253 osdx ca-certificates[26263]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:48.014602 osdx ca-certificates[26267]: done.
Apr 23 16:43:48.041230 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:48.043706 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:48.057991 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:49.004736 osdx OSDxCLI[1600]: User 'admin' entered the configuration menu.
Apr 23 16:43:49.099967 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set system certificate trust running://remote.dns-server.crt'.
Apr 23 16:43:49.150543 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy server-name RD'.
Apr 23 16:43:49.243881 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https host name remote.dns'.
Apr 23 16:43:49.295306 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https ip 10.215.168.1'.
Apr 23 16:43:49.389088 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy static RD protocol dns-over-https hash 171e241c983e5338d0576e20b4a1cb028529a8b59a18a90702379e01bd2a26af'.
Apr 23 16:43:49.438037 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 23 16:43:49.526752 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'.
Apr 23 16:43:49.571979 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy log level 0'.
Apr 23 16:43:49.665321 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set interfaces ethernet eth0 address 10.215.168.10/24'.
Apr 23 16:43:49.712601 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set protocols static route 0.0.0.0/0 next-hop 10.215.168.1'.
Apr 23 16:43:49.824420 osdx ca-certificates[26315]: Updating certificates in /etc/ssl/certs...
Apr 23 16:43:50.190984 osdx ca-certificates[27300]: 1 added, 0 removed; done.
Apr 23 16:43:50.194716 osdx ca-certificates[27303]: Running hooks in /etc/ca-certificates/update.d...
Apr 23 16:43:50.198136 osdx ca-certificates[27307]: done.
Apr 23 16:43:50.218965 osdx kernel: 8021q: adding VLAN 0 to HW filter on device eth0
Apr 23 16:43:50.314917 osdx systemd[1]: Started DNSCrypt client proxy.
Apr 23 16:43:50.316922 osdx cfgd[1182]: [1600]Completed change to active configuration
Apr 23 16:43:50.343174 osdx dnscrypt-proxy[27367]: dnscrypt-proxy 2.0.45
Apr 23 16:43:50.343412 osdx dnscrypt-proxy[27367]: Network connectivity detected
Apr 23 16:43:50.343684 osdx dnscrypt-proxy[27367]: Dropping privileges
Apr 23 16:43:50.350673 osdx dnscrypt-proxy[27367]: Network connectivity detected
Apr 23 16:43:50.350854 osdx dnscrypt-proxy[27367]: Now listening to 127.0.0.1:53 [UDP]
Apr 23 16:43:50.350898 osdx dnscrypt-proxy[27367]: Now listening to 127.0.0.1:53 [TCP]
Apr 23 16:43:50.350964 osdx dnscrypt-proxy[27367]: Firefox workaround initialized
Apr 23 16:43:50.350996 osdx dnscrypt-proxy[27367]: Loading the set of cloaking rules from [/tmp/tmp98UFwR]
Apr 23 16:43:50.361482 osdx OSDxCLI[1600]: User 'admin' committed the configuration.
Apr 23 16:43:50.379379 osdx OSDxCLI[1600]: User 'admin' left the configuration menu.
Apr 23 16:43:50.516218 osdx dnscrypt-proxy[27367]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 52392
Apr 23 16:43:50.516231 osdx dnscrypt-proxy[27367]: [RD] OK (DoH) - rtt: 124ms
Apr 23 16:43:50.516240 osdx dnscrypt-proxy[27367]: Server with the lowest initial latency: RD (rtt: 124ms)
Apr 23 16:43:50.516245 osdx dnscrypt-proxy[27367]: dnscrypt-proxy is ready - live servers: 1
Apr 23 16:43:56.507409 osdx OSDxCLI[1600]: User 'admin' executed a new command: 'show host lookup teldat.com type A'.
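Step 3 in each example checks a decimal code point in the journal (49199, 49200, 52392) against suite names in the configuration. The following added example (not part of the original test suite) parses such a journal, maps each logged code point to its IANA name, and reports configured suites that were never negotiated; the function names, the LEGACY set and the hexadecimal reading of the "TLS version" field are assumptions of the example.

```python
import re

# IANA TLS cipher suite code points for the suites named on this page.
SUITE_IDS = {
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": 0x000A,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": 0xC02F,        # 49199
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": 0xC030,        # 49200
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": 0xCCA8,  # 52392
}
ID_TO_NAME = {v: k for k, v in SUITE_IDS.items()}
LEGACY = {"TLS_RSA_WITH_3DES_EDE_CBC_SHA"}  # assumption: flag if ever negotiated
# Assumption: the version field is hexadecimal, so 303 is read as 0x0303.
TLS_VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
CFG_RE = re.compile(r"set service dns proxy cipher (\d+) algorithm ([A-Z0-9_]+)")
NEG_RE = re.compile(
    r"dnscrypt-proxy\[\d+\]: \[(?P<server>[^\]]+)\] TLS version: (?P<ver>[0-9a-fA-F]+)"
    r" - Protocol: (?P<alpn>\S+) - Cipher suite: (?P<suite>\d+)")

def configured_ciphers(text):
    """Configured suite names, ordered by their 'cipher <n>' index."""
    found = {int(idx): name for idx, name in CFG_RE.findall(text)}
    return [found[i] for i in sorted(found)]

def handshakes(text):
    """One record per logged DoH handshake; also works on flattened journals."""
    records = []
    for m in NEG_RE.finditer(text):
        suite_id = int(m["suite"])
        records.append({
            "server": m["server"],
            "tls": TLS_VERSIONS.get(int(m["ver"], 16), "0x" + m["ver"]),
            "alpn": m["alpn"],
            "suite_id": suite_id,
            "suite": ID_TO_NAME.get(suite_id, f"unknown(0x{suite_id:04X})"),
        })
    return records

def audit(journal):
    """Compare negotiated suites with the cipher list set in the same journal."""
    allowed, seen = configured_ciphers(journal), handshakes(journal)
    findings = []
    for h in seen:
        if allowed and h["suite"] not in allowed:
            findings.append(f"{h['server']}: {h['suite']} is outside the configured list")
        if h["suite"] in LEGACY:
            findings.append(f"{h['server']}: legacy suite {h['suite']} negotiated")
    used = {h["suite"] for h in seen}
    return {"configured": allowed, "handshakes": seen,
            "unused": [c for c in allowed if c not in used], "findings": findings}

# Three journal entries copied from Example 4 on this page.
SAMPLE = """\
Apr 23 16:43:29.916819 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 1 algorithm TLS_RSA_WITH_3DES_EDE_CBC_SHA'.
Apr 23 16:43:29.965686 osdx OSDxCLI[1600]: User 'admin' added a new cfg line: 'set service dns proxy cipher 2 algorithm TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'.
Apr 23 16:43:30.998882 osdx dnscrypt-proxy[22176]: [RD] TLS version: 303 - Protocol: h2 - Cipher suite: 49199
"""

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["handshakes"], report["unused"], report["findings"], sep="\n")
```

For Examples 4 to 6 the report lists TLS_RSA_WITH_3DES_EDE_CBC_SHA as configured but not negotiated, which matches the code points the journals show.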